Computer takes 45 minutes to Reboot! Boot Sector of C Drive, hiber. file locked!


  • This topic is locked
55 replies to this topic

#1 Glycerine

Posted 03 November 2014 - 04:43 PM

Hi There,

 

These are the symptoms of my extremely Sloooow computer. I thank you in advance for any assistance.

 

I apologize for no DDS Log. I could not run any diagnostic tools in normal booting. DDS, and all the others simply say "A referral was returned from the server." They will not run. However I am able to run all the tools, i.e., FSS, FRST, etc, in SAFE MODE. At the end I will post a log for MiniToolbox which I ran in SAFE MODE.

OS: Windows 8.1 X64

Problem Summary:

1) Computer has been taking 45 minutes to reboot. Has slowed to a crawl.

2) In Lower Right Hand Corner of computer by DATE there is a Flag with Red "X". Says "Start-up to repair errors." I have restarted it a ridiculous amount of times but nothing ever happens. It keeps saying "Restart to fix disk errors."

3) SFC /SCANNOW says many corrupt files but cannot be fixed.


3a) I cannot connect to my school account without logging into two separate browsers

4) I ran "AutoRuns". It listed a very strange file. I do remember downloading this file. A few months ago, out of nowhere I was prompted to download this Driver/Software for my printer. At the time of download, I had plugged printer into computer to print something and I got this pop-up window saying I needed to download a driver or some software. I was in a hurry so I did it, but looking back it did seem kind of strange. Also, shortly after downloading it, I got a phone call from my ISP, (or someone claiming to be from my ISP), that my IP address had been used in a Denial of Service attack. The guy on the phone said it could have come from my printer. Now that I think about it, the phone call did seem strange as well, although the guy seemed to know what he was talking about. Also the description in "Autoruns" looks like this:

Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run                10/28/2014 7:32 PM
 

Autorun Entry: EPLTarget\P0000000000000000
Description: EPSON Status Monitor 3
Publisher: (Verified) SEIKO EPSON CORPORATION
Image Path: c:\windows\system32\spool\drivers\x64\3\e_yatiiue.exe
TimeStamp (Not Correct): 2/26/2012 8:31 PM

5) I got this computer from Amazon in Sept. 2013. It came with McAfee Installed. For months, I never ever got alerted for viruses or any bad things. I finally tested it about a month ago, and there were about 10 errors, including registry, other settings. So basically I assume I had no virus/firewall protection for months.

6) I have a ton of files that my new ESET can't open or are "password-protected". I certainly didn't do this. Some files that are locked include: (There are many more but I thought this would be enough to give you an idea)

Boot sector of disk C: - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\swapfile.sys - error opening [4]
C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\438210b142e466158c72d6dfdf1c6ef6_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\48fa6bd6b3b5c103419614dc6385deb7_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c9c775353d03e8b48ef9c7a6ca1f137_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\73f5d4f5fd75296ae68feec10512af17_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c32d6dae3710b644c340320ba734d81_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Amazon.com.Amazon_2014.612.109.1246_neutral_~_343d40qqvtj1t_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_AMZNMobileLLC.KindleforWindows8_2.1.0.1_neutral__stfe6vwa9jnbp_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_CheckPoint.VPN_1.0.0.1_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellShop_1.3.151.10_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_eBayInc.eBay_2014.320.2131.2937_neutral_~_1618n3s9xq8tw_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_f5.vpn.client_1.0.0.11_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_JuniperNetworks.JunosPulseVpn_1.0.0.206_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_McAfeeInc.01.McAfeeSecurityAdvisorforDell_3.5.122.1_x64__n49tcsmxt2t2c_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingFinance_2014.425.1751.3374_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingFoodAndDrink_2014.716.1726.5521_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingHealthAndFitness_2014.718.242.5293_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingMaps_2014.522.1903.3441_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingNews_2014.704.948.607_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingSports_2014.728.2153.5060_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingTravel_2014.704.950.1561_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingWeather_2014.704.951.1880_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.HelpAndTips_2014.716.611.79_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.MoCamera_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.Office.OneNote_2014.809.149.5860_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.Office.OneNote_2014.921.1853.4418_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.Reader_2014.312.322.1510_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.SkypeApp_2014.731.933.5139_neutral_~_kzf8qxf38zg5c_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsAlarms_2013.1204.852.3011_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsCalculator_2013.1007.1950.2960_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_microsoft.windowscommunicationsapps_2014.729.2245.2160_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsReadingList_2014.626.1418.1617_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsScan_2013.1007.2015.3834_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsSoundRecorder_2013.1010.500.2928_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.XboxLIVEGames_2013.1011.10.5965_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneMusic_2014.805.2251.350_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneMusic_2014.923.1024.131_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneVideo_2014.1023.502.456_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneVideo_2014.812.1127.2182_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneVideo_2014.918.1014.1079_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_SonicWALL.MobileConnect_1.0.0.8_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_AntimalwareProfile_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_DeviceProfile_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_EventData_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_MachineProfile_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_OSMetrics_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_OSState_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_ProcessMetrics_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_ProcessState_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\rac.db - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\rac.log - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacDataBookmarks.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacEtwData.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacEventData.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\tmp.edb - error opening [4]
C:\ProgramData\Oracle\Java\javapath\java.exe - error opening [4]
C:\ProgramData\Oracle\Java\javapath\javaw.exe - error opening [4]
C:\ProgramData\Oracle\Java\javapath\javaws.exe - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\438210b142e466158c72d6dfdf1c6ef6_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\48fa6bd6b3b5c103419614dc6385deb7_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4c9c775353d03e8b48ef9c7a6ca1f137_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\73f5d4f5fd75296ae68feec10512af17_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7c32d6dae3710b644c340320ba734d81_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_Amazon.com.Amazon_2014.612.109.1246_neutral_~_343d40qqvtj1t_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_AMZNMobileLLC.KindleforWindows8_2.1.0.1_neutral__stfe6vwa9jnbp_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_CheckPoint.VPN_1.0.0.1_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellShop_1.3.151.10_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]

6a) I have many files with multiple extensions. Some are listed above as some of the files that I can't open.

7) I have these strange names for Kindle books I rented. They are in the folder:  \myname\documents\mykindlecontent

PSNL!KEDURentals!cmVudGFsLWV4cGlyZWQuaHRtbD9BU0lOPUIwMERJSkM4VUE_PSNL.azw
PSNL!KEDURentals!cmVudGFsLWV4cGlyZWQuaHRtbD9BU0lOPUIwMERJSkM4VUE_PSNL.mbp

8) I have Over 800 Hidden Files

9) I downloaded "SuperAnti-Spyware". Now it runs as a Service.

10) Flash player consistently making outgoing connections to Netherlands IP address. (Using Glasswire I can see all outgoing connections).

11) For a school project my teacher wanted us to download software from sourceforge, some of which has been acting very suspicious.

12) I have many files, for example "unregmp2.exe" that are listed in "Autoruns." It is listed about 10 times for completely unrelated Entries.

MiniToolBox by Farbar  Version: 21-07-2014
Ran by TLC (administrator) on 03-11-2014 at 15:22:35
Running from "C:\Users\TLC\Desktop\Downloads"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Boot Mode: Network

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Ethernet (Connected)
Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wi-Fi (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)
TAP-VyprVPN Adapter V9 = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
set interface interface="Wi-Fi" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : SweetHomeAl
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-21-BE-CC-EF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-VyprVPN Adapter V9
   Physical Address. . . . . . . . . : 00-FF-A7-8D-AE-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : middlesexcc.edu
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 1C-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F0-1F-AF-0A-D8-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6026:48:c173:cfe:5c21:a82e(Preferred)
   Lease Obtained. . . . . . . . . . : Monday, November 3, 2014 10:24:20 AM
   Lease Expires . . . . . . . . . . : Thursday, November 6, 2014 8:17:29 PM
   Link-local IPv6 Address . . . . . : fe80::2da6:780c:dd14:8539%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 68.39.180.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Monday, November 3, 2014 10:24:19 AM
   Lease Expires . . . . . . . . . . : Thursday, November 6, 2014 8:58:39 PM
   Default Gateway . . . . . . . . . : fe80::201:5cff:fe22:50c1%3
                                       68.39.176.1
   DHCP Server . . . . . . . . . . . : 69.252.208.68
   DHCPv6 IAID . . . . . . . . . . . : 267394991
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1E-3F-50-F0-1F-AF-0A-D8-2D
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:4006:809::1004
      74.125.226.163
      74.125.226.166
      74.125.226.165
      74.125.226.174
      74.125.226.168
      74.125.226.162
      74.125.226.169
      74.125.226.160
      74.125.226.164
      74.125.226.167
      74.125.226.161


Pinging google.com [2607:f8b0:4006:808::1008] with 32 bytes of data:
Reply from 2607:f8b0:4006:808::1008: time=16ms
Reply from 2607:f8b0:4006:808::1008: time=16ms

Ping statistics for 2607:f8b0:4006:808::1008:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=28ms TTL=53
Reply from 98.139.183.24: bytes=32 time=23ms TTL=53

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 28ms, Average = 25ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 21...00 ff 21 be cc ef ......TAP-Windows Adapter V9
 11...00 ff a7 8d ae e1 ......TAP-VyprVPN Adapter V9
  4...1c 3e 84 ad fd 6b ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
  3...f0 1f af 0a d8 2d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.39.176.1     68.39.180.20     20
      68.39.176.0    255.255.248.0         On-link      68.39.180.20    276
     68.39.180.20  255.255.255.255         On-link      68.39.180.20    276
    68.39.183.255  255.255.255.255         On-link      68.39.180.20    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      68.39.180.20    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      68.39.180.20    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    276 ::/0                     fe80::201:5cff:fe22:50c1
  1    306 ::1/128                  On-link
  3    276 2001:558:6026:48:c173:cfe:5c21:a82e/128
                                    On-link
  3    276 fe80::/64                On-link
  3    276 fe80::2da6:780c:dd14:8539/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (11/03/2014 03:22:38 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:38 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/03/2014 03:22:36 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-29 03:06:42.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-20 19:53:51.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:50:29.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:46:11.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:43:30.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:40:38.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:39:15.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:37:07.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:32:28.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:29:30.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.



=========================== Installed Programs ============================
Adobe Flash Player 15 Plugin (HKLM-x32\...\{AF82C1A9-56DC-4CCD-A36C-CAE56D541DFA}) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BorgataCasino (HKLM-x32\...\BorgataCasino) (Version:  - theBorgata)
BorgataPoker (HKLM-x32\...\BorgataPoker) (Version:  - theBorgata)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DVDFab 9.1.7.1 (17/10/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
ESET Smart Security (HKLM\...\{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}) (Version: 7.0.317.4 - ESET, spol s r. o.)
GeoComply Browser Plugin (HKLM-x32\...\{CABAE48D-60FC-4845-8550-20A7928C1925}) (Version: 2.1.10.1 - GeoComply)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.28 - SecureMix LLC)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenVPN 2.3.4-I002  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I002 - )
Pdf995 (HKLM-x32\...\Pdf995) (Version: 14.2s - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART English (United Kingdom) Language Pack (HKLM-x32\...\{8264804E-B6EA-4069-82E8-B76C791C8819}) (Version: 11.4.27.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.721.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)
SMART Response Software (HKLM-x32\...\{351B2133-C2A9-40A6-B6E8-B8468BD91D1A}) (Version: 4.8.497.0 - SMART Technologies ULC)
SMART Sync Teacher (HKLM-x32\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tropicana Atlantic City Online Geolocation Plugin (HKCU\...\Tropicana Atlantic City Online Geolocation Plugin) (Version: 2.1.10.1.14 - Gamesys Ltd)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 1.3.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.6 - Tweaking.com)
Update for Microsoft en-us Dictionary (Version: 16.1.1130.1 - Microsoft Corporation) Hidden
VyprVPN (HKLM-x32\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.4.6.3859 - Golden Frog, GmbH.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

========================= Devices: ================================

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8073.27 MB
Available physical RAM: 6502.29 MB
Total Pagefile: 16265.27 MB
Available Pagefile: 15122.08 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.82 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:452.51 GB) (Free:55.5 GB) NTFS
2 Drive d: (SG_REPORT_8) (CDROM) (Total:3.87 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\SWEETHOMEAL

Administrator            BigBadJohn               Guest                    
TLC                      

========================= Restore Points ==================================

21-10-2014 06:36:43 Restore Operation
29-10-2014 04:12:29 Windows Modules Installer
29-10-2014 09:42:15 Restore Operation
03-11-2014 04:08:33 Installed HiJackThis
03-11-2014 12:22:51 Restore Operation

**** End of log ****


Thanks again,

G
 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:50 AM

Posted 08 November 2014 - 04:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554571 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Glycerine

Glycerine
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:50 AM

Posted 10 November 2014 - 01:43 PM

Hi There,

These are the symptoms of my extremely Sloooow computer. I thank you in advance for any assistance.

I apologize for no DDS Log. I could not run any diagnostic tools in normal booting. They all respond with "A referral was returned from the server." I can run most of them in "Safe Mode"; however, DDS will not run even in "Safe Mode" or normal booting.

OS: Windows 8.1 X64

Problem Summary:

1) Computer has been taking 45 minutes to reboot. Has slowed to a crawl.

2) In Lower Right Hand Corner of computer by DATE there is a Flag with Red "X". Says "Start-up to repair errors." I have restarted it a ridiculous amount of times but nothing ever happens. It keeps saying "Restart to fix disk errors."

3) SFC /SCANNOW says many corrupt files but cannot be fixed.

3a) I cannot connect to my school account without logging into two separate browsers

4) I ran "AutoRuns". It listed a very strange file. I do remember downloading this file. A few months ago, out of nowhere I was prompted to download this Driver/Software for my printer. At the time of download, I had plugged printer into computer to print something and I got this pop-up window saying I needed to download a driver or some software. I was in a hurry so I did it, but looking back it did seem kind of strange. Also, shortly after downloading it, I got a phone call from my ISP, (or someone claiming to be from my ISP), that my IP address had been used in a Denial of Service attack. The guy on the phone said it could have come from my printer. Now that I think about it, the phone call did seem strange as well, although the guy seemed to know what he was talking about. Also the description in "Autoruns" looks like this:

Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 10/28/2014 7:32 PM


Autorun Entry Description Publisher
EPLTarget\P0000000000000000 EPSON Status Monitor 3 (Verified) SEIKO EPSON CORPORATION

Image Path TimeStamp (Not Correct)
c:\windows\system32\spool\drivers\x64\3\e_yatiiue.exe 2/26/2012 8:31 PM


5) I got this computer from Amazon in Sept. 2013. It came with McAfee installed. For months, I never ever got alerted for viruses or any bad things. I finally tested it about a month ago, and there were about 10 McAfee errors, including registry, other settings. So basically I assume I had no virus/firewall protection for months.

6) I have a ton of files that my new ESET can't open or are "password-protected". I certainly didn't do this. Some files that are locked include: (There are many more but I thought this would be enough to give you an idea)

Boot sector of disk C: - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\swapfile.sys - error opening [4]
C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\438210b142e466158c72d6dfdf1c6ef6_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\48fa6bd6b3b5c103419614dc6385deb7_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c9c775353d03e8b48ef9c7a6ca1f137_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\73f5d4f5fd75296ae68feec10512af17_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c32d6dae3710b644c340320ba734d81_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Amazon.com.Amazon_2014.612.109.1246_neutral_~_343d40qqvtj1t_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_AMZNMobileLLC.KindleforWindows8_2.1.0.1_neutral__stfe6vwa9jnbp_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_CheckPoint.VPN_1.0.0.1_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellShop_1.3.151.10_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_eBayInc.eBay_2014.320.2131.2937_neutral_~_1618n3s9xq8tw_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_f5.vpn.client_1.0.0.11_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_JuniperNetworks.JunosPulseVpn_1.0.0.206_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_McAfeeInc.01.McAfeeSecurityAdvisorforDell_3.5.122.1_x64__n49tcsmxt2t2c_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingFinance_2014.425.1751.3374_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingFoodAndDrink_2014.716.1726.5521_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingHealthAndFitness_2014.718.242.5293_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingMaps_2014.522.1903.3441_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingNews_2014.704.948.607_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingSports_2014.728.2153.5060_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingTravel_2014.704.950.1561_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.BingWeather_2014.704.951.1880_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.HelpAndTips_2014.716.611.79_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.MoCamera_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.Office.OneNote_2014.809.149.5860_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.Office.OneNote_2014.921.1853.4418_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.Reader_2014.312.322.1510_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.SkypeApp_2014.731.933.5139_neutral_~_kzf8qxf38zg5c_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsAlarms_2013.1204.852.3011_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsCalculator_2013.1007.1950.2960_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_microsoft.windowscommunicationsapps_2014.729.2245.2160_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsReadingList_2014.626.1418.1617_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsScan_2013.1007.2015.3834_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.WindowsSoundRecorder_2013.1010.500.2928_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.XboxLIVEGames_2013.1011.10.5965_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneMusic_2014.805.2251.350_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneMusic_2014.923.1024.131_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneVideo_2014.1023.502.456_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneVideo_2014.812.1127.2182_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_Microsoft.ZuneVideo_2014.918.1014.1079_neutral_~_8wekyb3d8bbwe_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_SonicWALL.MobileConnect_1.0.0.8_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryApp_winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_AntimalwareProfile_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_DeviceProfile_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_EventData_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_MachineProfile_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_OSMetrics_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_OSState_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_ProcessMetrics_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\Outbound\RacQueryGen_ProcessState_0000.sqm.sqm - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\rac.db - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\rac.log - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacDataBookmarks.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacEtwData.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\RacEventData.dat - error opening [4]
C:\ProgramData\Microsoft\RAC\StateData\tmp.edb - error opening [4]
C:\ProgramData\Oracle\Java\javapath\java.exe - error opening [4]
C:\ProgramData\Oracle\Java\javapath\javaw.exe - error opening [4]
C:\ProgramData\Oracle\Java\javapath\javaws.exe - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\438210b142e466158c72d6dfdf1c6ef6_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\48fa6bd6b3b5c103419614dc6385deb7_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\4c9c775353d03e8b48ef9c7a6ca1f137_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\73f5d4f5fd75296ae68feec10512af17_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7c32d6dae3710b644c340320ba734d81_3ff3200a-6541-41ba-92c8-379be880c2b8 - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_Amazon.com.Amazon_2014.612.109.1246_neutral_~_343d40qqvtj1t_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_AMZNMobileLLC.KindleforWindows8_2.1.0.1_neutral__stfe6vwa9jnbp_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_CheckPoint.VPN_1.0.0.1_neutral_neutral_cw5n1h2txyewy_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]
C:\Users\All Users\Microsoft\RAC\Outbound\RacQueryApp_DellInc.DellShop_1.3.151.10_neutral__htrsf667h5kn2_0000.sqm.sqm - error opening [4]

6a) I have many files with multiple extensions. Some are listed above as some of the files that I can't open.

7) I have these strange names for Kindle books I rented. They are in the folder: \myname\documents\mykindlecontent

PSNL!KEDURentals!cmVudGFsLWV4cGlyZWQuaHRtbD9BU0lOPUIwMERJSkM4VUE_PSNL.azw
PSNL!KEDURentals!cmVudGFsLWV4cGlyZWQuaHRtbD9BU0lOPUIwMERJSkM4VUE_PSNL.mbp

8) I have Over 800 Hidden Files

9) Flash player consistently making outgoing connections to Netherlands IP address. (Using Glasswire I can see all outgoing connections).

10) For a school project my teacher wanted us to download software from sourceforge, some of which has been acting very suspicious.

11) I have many files, for example "unregmp2.exe" that are listed in "Autoruns." It is listed about 10 times for completely unrelated Entries.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I have run a lot of diagnostic tools but I have not allowed them to make any changes
----------------------------------------------------------------------------------------------------------------------------------
Microsoft Windows 8.1 Pro with Media Center (X64)
---------------------------------------------------------------------------------------------------------------------------------
I don't have the original CD/DVD
----------------------------------------------------------------------------------------------------------------------------------
Thank you,
G

Edited by Glycerine, 10 November 2014 - 01:56 PM.
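
Item 7 of the post above lists Kindle file names whose middle segment looks random. The following Python is an added triage example, not part of the original post and not code from any tool named in this thread: it checks whether a long alphanumeric segment of a file name is printable text stored as unpadded Base64. The function names and the 16-character minimum are assumptions made for this example; only the standard Base64 alphabet is handled.

```python
import base64
import binascii
import re

# File names copied verbatim from item 7 of the post above.
SAMPLE_NAMES = [
    "PSNL!KEDURentals!cmVudGFsLWV4cGlyZWQuaHRtbD9BU0lOPUIwMERJSkM4VUE_PSNL.azw",
    "PSNL!KEDURentals!cmVudGFsLWV4cGlyZWQuaHRtbD9BU0lOPUIwMERJSkM4VUE_PSNL.mbp",
]

# Candidate segments: runs of standard Base64 characters, 16 or longer.
# '!', '_' and '.' act as separators in the names above, so they are
# deliberately left out of the character class (assumption of this example).
TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}")


def decode_token(token):
    """Return the decoded text if token is Base64 of printable ASCII, else None."""
    # A Base64 string can never have length 4n+1.
    if len(token) % 4 == 1:
        return None
    # File names usually drop the '=' padding; restore it before decoding.
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Ordinary words that merely use Base64 characters decode to bytes
    # outside the printable range, which filters them out here.
    if not raw or any(b < 0x20 or b > 0x7E for b in raw):
        return None
    return raw.decode("ascii")


def explain_filename(name):
    """List (segment, decoded_text) pairs for every decodable segment in name."""
    findings = []
    for match in TOKEN_RE.finditer(name):
        text = decode_token(match.group())
        if text is not None:
            findings.append((match.group(), text))
    return findings


if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        for segment, text in explain_filename(sample):
            print(f"{sample}\n  segment: {segment}\n  decodes to: {text}")
```
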


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:50 PM

Posted 14 November 2014 - 07:46 PM

Greetings Glycerine and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me so that I may evaluate fresh information.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Glycerine

Posted 15 November 2014 - 01:14 AM

Hi Gary,

Thanks for your help. You can call me Eric.

As I mentioned in my OP, the only way that I can run any tools is in SAFE MODE.

This is how I ran FRST and generated the logs I have copied.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by TLC (administrator) on SWEETHOMEAL on 15-11-2014 00:12:51
Running from C:\Users\TLC\Desktop
Loaded Profile: TLC (Available profiles: TLC & BigBadJohn)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(OpenDNS) C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\dnscrypt-proxy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2013-10-31] (SMART Technologies)
HKLM-x32\...\Run: [Response Desktop Menu] => C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [1312560 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [ResponseConnectorService] => C:\Program Files (x86)\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe [40448 2013-11-20] (SMART Technologies)
HKLM-x32\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-04] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\Run: [DellSystemDetect] => C:\Users\TLC\AppData\Local\Apps\2.0\OHLRWZA4.1B3\26BPEX88.GNH\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-08-08] (Dell)
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9473320 2014-10-23] (SecureMix LLC)
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Umbrella Roaming Client.lnk
ShortcutTarget: Umbrella Roaming Client.lnk -> C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCInterface.exe (OpenDNS)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {FB137D49-8D7C-4C63-A690-F87BF3670197} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {2A12C7E7-6955-4AC1-B0AF-E6011F2CF86F} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {2A12C7E7-6955-4AC1-B0AF-E6011F2CF86F} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: No Name -> {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll No File
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Toolbar: HKLM-x32 - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)
DPF: HKLM {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} http://content.systemrequirementslab.com/bin/srldetect_intel64_4.5.15.0.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5F0A5604-E0D9-4842-A499-53FE5F1B935A}: [NameServer] 127.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\l81e5rq5.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: gamesys.co.uk/TropicanaGeolocationPlugin -> C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation\BrowserPlugin\npGeolocationPlugin.dll No File
FF Plugin-x32: geocomply.com/gc_browser_plugin_client -> C:\Program Files (x86)\Tropicana Atlantic City Online GeoLocation\npgc-browser-plugin-client.dll No File
FF Plugin HKU\S-1-5-21-1728614643-3146882776-3930629701-1001: geocomply.com/gc_browser_plugin_client_2_1_10 -> C:\Program Files (x86)\GeoComply\gc-browser-plugin-client_2_1_10\2.1.10.1\npgc-browser-plugin-client_2_1_10.dll (GeoComply)
FF SearchPlugin: C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\l81e5rq5.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Ghostery - C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\l81e5rq5.default\Extensions\[email protected] [2014-11-03]
FF Extension: Link Alert - C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\l81e5rq5.default\Extensions\[email protected] [2014-11-03]
FF Extension: NoScript - C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\l81e5rq5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-03]
FF Extension: Adblock Plus - C:\Users\TLC\AppData\Roaming\Mozilla\Firefox\Profiles\l81e5rq5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-03]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-18]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4785168 2014-09-17] (Emsisoft GmbH)
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-04] (Windows ® Win 7 DDK provider)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [280064 2014-05-01] (Microsoft Corporation)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6279976 2014-10-23] (SecureMix LLC)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-01] (Microsoft Corporation)
S2 Response Hardware; C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [20272 2013-11-20] (SMART Technologies ULC)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
S2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-12-07] () [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2013-08-21] (Microsoft Corporation)
S2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S4 SNMP; C:\Windows\System32\snmp.exe [50688 2014-05-01] (Microsoft Corporation)
S4 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2014-05-01] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 Umbrella_RC; C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\ERCService.exe [33792 2014-10-30] (OpenDNS) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S4 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [X]
S4 Intel® Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-04] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [32784 2014-10-22] (SecureMix LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 tapstrong; C:\Windows\system32\DRIVERS\tapstrong.sys [38760 2013-10-31] (The OpenVPN Project)
R3 tapvyprvpn; C:\Windows\system32\DRIVERS\tapvyprvpn.sys [44896 2014-07-29] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-03] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-18] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 01:20 - 2014-11-15 01:20 - 00000000 _____ () C:\Recovery.txt
2014-11-15 00:12 - 2014-11-15 00:13 - 00020034 _____ () C:\Users\TLC\Desktop\FRST.txt
2014-11-15 00:11 - 2014-11-15 00:11 - 02116608 _____ (Farbar) C:\Users\TLC\Desktop\FRST64.exe
2014-11-14 22:50 - 2014-11-14 22:50 - 00000000 __SHD () C:\Users\TLC\AppData\Local\EmieBrowserModeList
2014-11-14 20:40 - 2014-10-29 19:55 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-14 20:40 - 2014-10-29 19:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 20:23 - 2014-11-14 23:22 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Doctor Web
2014-11-14 20:15 - 2014-11-14 23:39 - 00000000 ____D () C:\Program Files\DrWeb
2014-11-13 00:45 - 2014-11-13 00:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 21:03 - 2014-11-14 20:04 - 00000000 ____D () C:\Users\TLC\Desktop\Toolbox
2014-11-11 23:14 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-11 23:14 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-11 23:14 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-11 23:14 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-11 23:14 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-11 23:14 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-11 23:14 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-11 23:14 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-11 23:14 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-11 23:14 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-11 23:14 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-11 23:14 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-11 23:14 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-11 23:14 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-11 23:14 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-11 23:14 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-11 23:14 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-11 23:14 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-11 23:13 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-11 23:13 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-11 23:13 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-11 23:13 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-11 23:13 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-11 23:13 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-11 23:13 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-11 23:13 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-11 23:13 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-11 23:13 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-11 23:13 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-11 23:13 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-11 23:13 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-11 23:13 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-11 23:13 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-11 23:13 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-11 23:13 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-11 23:13 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-11 23:13 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-11 23:13 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-11 23:13 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-11 23:13 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-11 23:13 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-11 23:13 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-11 23:12 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-11 23:12 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-11 23:12 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-11 23:12 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-11 23:12 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-11 23:12 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-11 23:12 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-11 23:12 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-11 23:12 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 23:11 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-11 23:11 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-11 23:11 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-11 23:11 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-11 23:11 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-11 23:11 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-11 23:11 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-11 23:11 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-11 23:11 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-11 23:11 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-11 23:11 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-11 23:11 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-11 23:10 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-11 23:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-11 23:10 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-11 23:10 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-11 23:10 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-11 23:10 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-11 23:09 - 2014-11-04 18:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-11 23:09 - 2014-11-03 19:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-11 23:09 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-11 23:09 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-11 23:09 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-11 23:09 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-11 23:09 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-11 23:09 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-11 23:09 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-11 23:09 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-11 23:09 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-11 23:09 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-11 23:09 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-11 23:09 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-11 23:09 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-11 23:09 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-11 23:09 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-11 23:09 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-11 23:09 - 2014-10-30 23:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-11 23:09 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-11 23:09 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-11 23:09 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-11 23:09 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-11 23:09 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-11 23:09 - 2014-10-30 23:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-11 23:09 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-11 23:09 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-11 23:09 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-11 23:09 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-11 23:09 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-11 23:09 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-11 23:09 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-11 23:09 - 2014-10-30 23:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-11 23:09 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-11 23:09 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-11 23:09 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-11 23:09 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-11 23:09 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-11 23:09 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-11 23:09 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-11 23:09 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-11 23:09 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-11 23:09 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-11 23:09 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-11 23:09 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-11 23:09 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-11 23:09 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-11 23:09 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-11 23:09 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-11 23:09 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-11 23:09 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-11 23:09 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-11 23:09 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-11 23:09 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-11 23:09 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-11 23:09 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-11 23:09 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-11 23:09 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-11 23:09 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-11 23:09 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-11 23:09 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-11 23:09 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-11 23:09 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-11 23:09 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-11 23:09 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-11 23:09 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-11 23:09 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-11 23:09 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-11 23:09 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-11 23:09 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-11 23:09 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 23:09 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-11 23:09 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-11 23:09 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-11 23:09 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-11 23:09 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-11 23:09 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-11 23:09 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-11 23:09 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-11 23:09 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-11 23:09 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-11 23:09 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-11 23:09 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-11 23:09 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-11 23:09 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-11 23:09 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-11 23:09 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-11 23:09 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-11 23:09 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-11 23:09 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-11 23:09 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-11 23:09 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-11 23:09 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-11 23:09 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-11 23:09 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-11 23:08 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-11 23:08 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-11 23:08 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-11 23:08 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-11 23:08 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-11 23:08 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-11 23:08 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-11 23:08 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-11 23:08 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-11 23:08 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-11 23:08 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-11 23:08 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-11 23:08 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-11 23:08 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-11 23:08 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-11 23:08 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-11 23:08 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-11 23:08 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-11 23:08 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-11 23:08 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-11 23:08 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-11 23:08 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-11 23:08 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-11 23:08 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-11 23:08 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-10 15:53 - 2014-11-12 13:57 - 00008526 _____ () C:\Users\TLC\Desktop\Whitelist.txt
2014-11-10 13:02 - 2014-11-10 13:02 - 00688992 _____ (Swearware) C:\Users\TLC\Desktop\dds.com
2014-11-08 14:34 - 2014-11-08 14:34 - 00031122 _____ () C:\Users\TLC\Desktop\Promise-backend.js
2014-11-08 10:01 - 2014-11-08 10:01 - 00140336 _____ () C:\Users\TLC\Desktop\oOSPP.HTM
2014-11-08 09:22 - 2014-11-08 09:22 - 00004726 _____ () C:\Users\TLC\Desktop\W1orkflow.Targets.txt
2014-11-08 08:42 - 2014-11-08 08:42 - 00000470 _____ () C:\Users\TLC\Desktop\pdf995.ini
2014-11-08 02:37 - 2014-11-08 02:37 - 00000000 ____D () C:\Program Files (x86)\OpenDNS
2014-11-08 02:33 - 2014-11-08 02:33 - 00002038 _____ () C:\Users\TLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2014-11-08 02:33 - 2014-11-08 02:33 - 00000000 ____D () C:\Program Files (x86)\OpenDNS Updater
2014-11-07 18:50 - 2014-11-08 02:37 - 00000000 ____D () C:\ProgramData\OpenDNS
2014-11-07 18:42 - 2014-11-12 13:30 - 00000000 ____D () C:\Users\TLC\Desktop\OpenDNS-URC-win-1.6.53
2014-11-07 18:42 - 2014-11-08 02:35 - 02282681 _____ () C:\Users\TLC\Desktop\OpenDNS-URC-win-1.6.53.zip
2014-11-07 10:56 - 2014-11-07 10:56 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\OpenDNS Updater
2014-11-07 10:54 - 2014-11-08 02:31 - 00225336 _____ () C:\Users\TLC\Desktop\OpenDNS-Updater-2.2.1.exe
2014-11-07 09:34 - 2014-11-07 09:34 - 00116736 _____ () C:\Users\TLC\Desktop\OpenDNSDiagnostic-1.4.1.exe
2014-11-06 09:35 - 2014-11-06 09:35 - 02424832 _____ () C:\Users\TLC\Desktop\problemSyncEngine-2014-10-04.1356.3524-1.etl.txt
2014-11-06 08:42 - 2014-11-06 08:42 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\16403
2014-11-06 05:46 - 2014-11-06 05:46 - 00000000 _____ () C:\Users\TLC\Desktop\New Text Document (2).txt
2014-11-06 04:55 - 2014-11-06 04:55 - 00001243 _____ () C:\Users\TLC\Desktop\TreeSize Free.lnk
2014-11-06 04:55 - 2014-11-06 04:55 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\JAM Software
2014-11-06 04:55 - 2014-11-06 04:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-11-06 04:55 - 2014-11-06 04:55 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-11-06 04:54 - 2014-11-06 04:54 - 05096104 _____ (JAM Software ) C:\Users\TLC\Desktop\TreeSizeFreeSetup.exe
2014-11-06 04:54 - 2014-11-06 04:54 - 02301330 _____ (MindGems, Inc. ) C:\Users\TLC\Desktop\FolderSize.exe
2014-11-03 13:16 - 2014-11-03 15:30 - 00000000 ____D () C:\Users\TLC\Desktop\OTLScans
2014-11-03 12:40 - 2014-11-03 13:23 - 00000000 ____D () C:\Program Files\trend micro
2014-11-03 12:40 - 2014-11-03 12:40 - 00000000 ____D () C:\rsit
2014-11-03 10:14 - 2014-11-03 10:14 - 00281896 _____ () C:\WINDOWS\Minidump\110314-20265-01.dmp
2014-11-03 10:05 - 2014-11-03 10:05 - 00000512 _____ () C:\Users\TLC\Desktop\MBR.dat
2014-11-03 09:41 - 2014-11-03 09:41 - 00000468 _____ () C:\Users\TLC\Desktop\defogger_disable.log
2014-11-02 23:21 - 2014-11-03 08:32 - 00000000 ____D () C:\Users\TLC\Desktop\tdsskiller
2014-11-02 23:20 - 2014-11-02 23:20 - 04163057 _____ () C:\Users\TLC\Desktop\tdsskiller.zip
2014-11-02 23:09 - 2014-11-02 23:09 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-02 22:40 - 2014-11-02 22:40 - 00005779 _____ () C:\Users\TLC\Desktop\RKreport_SCN_11022014_223741.log
2014-11-02 22:02 - 2014-11-02 22:02 - 00006363 _____ () C:\Users\TLC\Desktop\RogueKillerreport_SCN_11022014_215248.log
2014-11-02 21:45 - 2014-11-03 13:18 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-02 21:43 - 2014-11-03 15:40 - 00003114 _____ () C:\Users\TLC\Desktop\Rkill.txt
2014-11-02 21:37 - 2014-11-02 21:37 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\TLC\Desktop\sc-cleaner.exe
2014-11-02 20:49 - 2014-11-02 20:49 - 00688992 _____ (Swearware) C:\Users\TLC\Desktop\bho.com
2014-11-02 20:48 - 2014-11-02 20:48 - 00050477 _____ () C:\Users\TLC\Desktop\Defogger.exe
2014-11-02 20:45 - 2014-11-02 20:45 - 00688992 _____ (Swearware) C:\Users\TLC\Desktop\dds (1).com
2014-11-02 10:32 - 2014-11-02 10:32 - 00118298 _____ () C:\Users\TLC\Desktop\Show-Hidden2.txt
2014-10-29 06:52 - 2014-10-29 06:52 - 00050477 _____ () C:\Users\TLC\Downloads\Defogger.exe
2014-10-29 06:51 - 2014-10-29 06:51 - 00688992 _____ (Swearware) C:\Users\TLC\Downloads\dds.com
2014-10-28 22:14 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-10-28 21:03 - 2014-10-28 21:03 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\TLC\Desktop\tdsskiller.exe
2014-10-28 20:31 - 2014-11-08 13:25 - 00149054 _____ () C:\Users\TLC\Desktop\Show-Hidden.txt
2014-10-28 20:30 - 2014-10-28 20:31 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\TLC\Desktop\show-hidden.exe
2014-10-28 20:05 - 2014-10-28 20:05 - 00000000 ____D () C:\Program Files\Reason
2014-10-28 20:04 - 2014-10-28 20:04 - 02515504 _____ (Reason Company Software Inc.) C:\Users\TLC\Desktop\herdProtectScan_Setup.exe
2014-10-28 19:39 - 2014-10-28 19:39 - 00000000 ____D () C:\Users\TLC\AppData\Local\GlassWire
2014-10-28 19:32 - 2014-11-03 08:32 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2014-10-28 19:32 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2014-10-28 19:32 - 2014-10-28 19:32 - 00001887 _____ () C:\Users\TLC\Desktop\GlassWire.lnk
2014-10-28 19:32 - 2014-10-28 19:32 - 00000000 ____D () C:\ProgramData\GlassWire
2014-10-28 19:32 - 2014-10-23 01:58 - 00008704 _____ () C:\WINDOWS\system32\Drivers\gwdrv.cat
2014-10-28 19:32 - 2014-10-22 01:27 - 00032784 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2014-10-28 19:30 - 2014-10-28 19:30 - 16336192 _____ (SecureMix LLC) C:\Users\TLC\Desktop\GlassWireSetup.exe
2014-10-28 16:45 - 2014-10-28 16:45 - 00001397 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-28 16:42 - 2014-10-28 16:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\TLC\Desktop\spybot-2.4.exe
2014-10-28 15:56 - 2014-11-03 08:32 - 00000000 ____D () C:\Users\TLC\Desktop\SysinternalsSuite
2014-10-28 15:55 - 2014-10-28 15:55 - 13708848 _____ () C:\Users\TLC\Desktop\SysinternalsSuite.zip
2014-10-28 13:59 - 2014-11-02 19:43 - 00012621 _____ () C:\Users\TLC\Desktop\New Text Document.txt
2014-10-28 13:03 - 2014-11-03 08:32 - 00000000 ____D () C:\Users\TLC\Desktop\Autoruns
2014-10-28 13:01 - 2014-10-28 13:01 - 00511633 _____ () C:\Users\TLC\Desktop\Autoruns.zip
2014-10-27 13:46 - 2014-11-03 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 13:46 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 13:46 - 2014-11-02 23:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 13:46 - 2014-10-27 13:46 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-27 13:46 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-27 13:46 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-27 13:46 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-27 13:44 - 2014-10-27 13:44 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\TLC\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-27 13:41 - 2014-11-10 14:06 - 00013630 _____ () C:\Users\TLC\Desktop\problems.txt
2014-10-27 12:36 - 2014-10-27 12:36 - 00000790 _____ () C:\Users\TLC\ever.wpl
2014-10-27 05:10 - 2014-10-27 05:23 - 00000000 ____D () C:\Users\TLC\Desktop\SGREPORT6
2014-10-27 05:09 - 2014-10-27 05:20 - 00000000 ____D () C:\Users\TLC\Desktop\BabysitterMassacre
2014-10-27 05:09 - 2014-10-27 05:15 - 00000000 ____D () C:\Users\TLC\Desktop\TheJanitor
2014-10-27 03:59 - 2014-10-27 04:00 - 00000000 ____D () C:\Users\TLC\Desktop\Gefangene Frauen (1980) – as NALahaie
2014-10-27 03:57 - 2014-10-27 03:58 - 00000000 ____D () C:\Users\TLC\Desktop\Paul Raymond's
2014-10-27 03:49 - 2014-10-27 03:49 - 08684896 _____ () C:\Users\TLC\Downloads\ilsa-romay-01-hi.mp4
2014-10-27 03:48 - 2014-10-27 03:48 - 08783513 _____ () C:\Users\TLC\Downloads\ilsa-romay-02b-hi.mp4
2014-10-27 03:38 - 2014-10-27 03:38 - 00000000 ____D () C:\Users\TLC\Desktop\Mansion of the Living Dead (1985) … Candy
2014-10-27 03:17 - 2014-11-07 18:42 - 00000000 ____D () C:\Users\TLC\Desktop\FemaleVampire
2014-10-26 02:00 - 2014-10-26 02:00 - 00001142 _____ () C:\Users\Public\Desktop\DVDFab 9 US.lnk
2014-10-26 01:58 - 2014-10-26 01:58 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\12206
2014-10-24 06:31 - 2014-10-24 06:31 - 00003586 _____ () C:\Users\TLC\Desktop\bestever.wpl
2014-10-23 13:34 - 2014-11-03 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-23 13:34 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-23 13:34 - 2014-10-23 13:34 - 00001859 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-23 06:23 - 2014-10-23 06:23 - 00003136 _____ () C:\WINDOWS\System32\Tasks\{00D2030C-4B01-403E-84CB-1D2DE58D5BF3}
2014-10-22 16:45 - 2014-10-22 16:45 - 00000000 ____D () C:\Users\TLC\AppData\Local\Integrad.3
2014-10-22 14:07 - 2014-11-10 13:03 - 00000000 ____D () C:\Users\TLC\Desktop\NEW
2014-10-22 06:14 - 2014-10-22 06:14 - 06613509 _____ () C:\Users\TLC\Downloads\train-konig2-hi.mp4
2014-10-22 06:11 - 2014-10-22 06:11 - 06805679 _____ () C:\Users\TLC\Downloads\train-engel2-hi.mp4
2014-10-22 06:10 - 2014-10-22 06:10 - 06822204 _____ () C:\Users\TLC\Downloads\train-bienert3-hi.mp4
2014-10-21 17:22 - 2014-11-03 08:32 - 00000000 ___RD () C:\Users\TLC\Desktop\SSTendinopathy
2014-10-21 10:44 - 2014-11-03 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-21 10:44 - 2014-10-21 10:44 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-21 10:43 - 2014-11-03 08:32 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-21 10:43 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files\iTunes
2014-10-21 10:43 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files\iPod
2014-10-21 10:43 - 2014-11-03 08:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-21 10:42 - 2014-10-21 10:42 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Apple Computer
2014-10-21 10:42 - 2014-10-21 10:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple Computer
2014-10-21 10:42 - 2014-10-21 10:42 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Apple Computer
2014-10-21 10:42 - 2014-10-21 10:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple Computer
2014-10-21 02:09 - 2014-10-21 02:09 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\RENE0EC.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\RENE0EB.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\REN68FE.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\REN68FD.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 01:33 - 2014-08-25 04:25 - 00000000 ____D () C:\ProgramData\pdf995
2014-11-15 01:33 - 2014-08-09 02:01 - 00000000 ____D () C:\ProgramData\Atheros
2014-11-15 01:33 - 2014-08-02 06:25 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-15 01:33 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-15 01:33 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-15 01:33 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 01:33 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 01:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-15 01:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-15 01:33 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-15 01:33 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-11-15 00:12 - 2013-12-16 17:09 - 00000000 ____D () C:\FRST
2014-11-15 00:10 - 2014-03-18 05:02 - 00906898 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-15 00:02 - 2014-08-17 15:36 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-11-14 23:59 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-14 23:57 - 2014-08-13 01:14 - 01564243 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-14 23:57 - 2014-05-01 19:09 - 00000000 ____D () C:\Users\TLC
2014-11-14 23:57 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-14 23:55 - 2014-08-23 20:29 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SWEETHOMEAL-TLC SweetHomeAl
2014-11-14 23:45 - 2013-11-04 10:59 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1728614643-3146882776-3930629701-1001
2014-11-14 23:41 - 2013-11-04 11:56 - 00000000 __RDO () C:\Users\TLC\OneDrive
2014-11-14 23:39 - 2014-08-16 22:31 - 00067486 _____ () C:\WINDOWS\PFRO.log
2014-11-14 23:39 - 2013-12-12 22:16 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-11-14 23:21 - 2014-04-21 20:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-14 23:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-14 20:38 - 2014-08-13 09:31 - 00515160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-14 20:36 - 2013-12-19 17:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-13 17:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-12 21:02 - 2014-08-24 04:06 - 00000000 ____D () C:\Users\TLC\Desktop\Dr. G 5158
2014-11-12 19:29 - 2014-01-29 18:01 - 00000000 ____D () C:\Users\TLC\Documents\My Kindle Content
2014-11-12 13:04 - 2014-08-25 04:25 - 00000060 _____ () C:\WINDOWS\wpd99.drv
2014-11-12 11:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-12 09:32 - 2014-10-15 12:35 - 00003035 _____ () C:\WINDOWS\SecuniaPackage.log
2014-11-12 09:32 - 2014-04-21 20:00 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-12 09:08 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-12 08:58 - 2013-11-04 16:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 08:56 - 2013-11-04 16:09 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 08:56 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-11 16:12 - 2014-09-14 08:40 - 00000000 ___RD () C:\Users\TLC\Desktop\GCUAcademicsAndFinancialAndCorrespondencesAndAllThingsRelatedFall2014
2014-11-11 16:06 - 2014-08-08 23:26 - 00000000 ____D () C:\Users\TLC\AppData\Local\Deployment
2014-11-11 15:55 - 2013-11-04 10:52 - 00000000 ____D () C:\Users\TLC\AppData\Local\Packages
2014-11-11 13:35 - 2014-01-29 16:54 - 00000000 ___RD () C:\Users\TLC\Desktop\Resumes, Writings,TFAAndNYFellowship
2014-11-08 15:22 - 2014-09-14 09:23 - 00000000 ___RD () C:\Users\TLC\Desktop\ComputerRelated
2014-11-08 14:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-08 04:54 - 2013-11-04 18:08 - 00000000 ____D () C:\Users\TLC\AppData\Local\CrashDumps
2014-11-07 16:46 - 2014-04-26 06:54 - 00000441 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-11-07 16:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-11-03 10:34 - 2013-11-09 23:42 - 00000000 ____D () C:\AdwCleaner
2014-11-03 10:14 - 2014-08-18 16:58 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-03 10:14 - 2014-08-18 16:57 - 792583278 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-03 08:32 - 2014-08-24 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-03 08:32 - 2014-08-18 15:55 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-03 08:32 - 2014-08-13 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9 US
2014-11-03 08:32 - 2014-08-13 09:28 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9 US
2014-11-03 08:32 - 2014-05-07 11:22 - 00000000 ____D () C:\Users\TLC\AppData\Local\Intel_Corporation
2014-11-03 08:32 - 2013-11-13 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-03 08:32 - 2013-11-13 00:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-03 08:32 - 2013-11-04 21:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-03 08:32 - 2013-11-04 21:37 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-03 08:32 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-03 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-03 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2014-11-03 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-11-03 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-11-03 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-02 21:37 - 2014-08-18 15:52 - 00001778 _____ () C:\sc-cleaner.txt
2014-10-29 05:36 - 2014-05-01 19:09 - 00000000 ____D () C:\Users\BigBadJohn
2014-10-28 18:27 - 2013-11-13 00:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-28 16:45 - 2013-11-13 00:26 - 00001409 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-28 15:53 - 2013-12-19 17:32 - 00001101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 15:53 - 2013-12-19 17:32 - 00001089 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-27 11:16 - 2013-11-15 17:50 - 00015360 _____ () C:\Users\TLC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-24 03:30 - 2014-08-23 20:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 10:01 - 2013-11-07 00:00 - 00000000 ____D () C:\Users\TLC\Documents\Bluetooth Folder
2014-10-23 06:24 - 2014-08-13 02:15 - 00004216 _____ () C:\WINDOWS\setupact.log
2014-10-22 12:53 - 2014-10-15 02:09 - 00000000 ___RD () C:\Users\TLC\Desktop\Misc
2014-10-21 10:43 - 2014-09-11 19:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-21 10:43 - 2013-11-04 21:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-21 01:59 - 2014-10-01 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BorgataPoker
2014-10-21 01:59 - 2014-10-01 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BorgataCasino
2014-10-21 01:59 - 2014-10-01 16:45 - 00000000 ____D () C:\Program Files (x86)\GeoComply
2014-10-21 01:59 - 2014-09-25 13:10 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-10-21 01:59 - 2014-08-18 06:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-21 01:59 - 2014-03-15 04:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-21 01:59 - 2014-01-30 02:38 - 00000000 ____D () C:\Users\TLC\AppData\Local\Microsoft Help
2014-10-21 01:58 - 2014-10-15 01:59 - 00000000 ___RD () C:\Users\TLC\Desktop\Exam
2014-10-21 01:58 - 2014-10-04 15:00 - 00000000 ___RD () C:\Users\TLC\Desktop\Project5
2014-10-21 01:58 - 2014-09-25 13:20 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\SMART Technologies
2014-10-21 01:58 - 2014-09-20 18:15 - 00000000 ____D () C:\Users\TLC\AppData\Roaming\Audacity
2014-10-21 01:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-21 01:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-10-21 01:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-21 01:58 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing

Some content of TEMP:
====================
C:\Users\BigBadJohn\AppData\Local\Temp\lpuninstall.exe
C:\Users\TLC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TLC\AppData\Local\Temp\InstHelper.exe
C:\Users\TLC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\TLC\AppData\Local\Temp\sfareca00001.dll
C:\Users\TLC\AppData\Local\Temp\sfextra.dll
C:\Users\TLC\AppData\Local\Temp\SIInvoker.exe
C:\Users\TLC\AppData\Local\Temp\{35EAE36E-107F-4081-BA5A-F19271595D7A}.exe
C:\Users\TLC\AppData\Local\Temp\{AF561446-8B69-41AB-8CD8-665859CFD31B}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-08 06:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by TLC at 2014-11-15 00:14:21
Running from C:\Users\TLC\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\{10F0B906-1989-4F20-A93C-4C0F94C8DF9E}) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BorgataCasino (HKLM-x32\...\BorgataCasino) (Version:  - theBorgata)
BorgataPoker (HKLM-x32\...\BorgataPoker) (Version:  - theBorgata)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell System Detect (HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DVDFab 9.1.7.1 (17/10/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
ESET Smart Security (HKLM\...\{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}) (Version: 7.0.317.4 - ESET, spol s r. o.)
GeoComply Browser Plugin (HKLM-x32\...\{CABAE48D-60FC-4845-8550-20A7928C1925}) (Version: 2.1.10.1 - GeoComply)
GlassWire 1.0 (remove only) (HKLM-x32\...\GlassWire 1.0) (Version: 1.0.28 - SecureMix LLC)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Pdf995 (HKLM-x32\...\Pdf995) (Version: 14.2s - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART English (United Kingdom) Language Pack (HKLM-x32\...\{8264804E-B6EA-4069-82E8-B76C791C8819}) (Version: 11.4.27.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.721.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)
SMART Response Software (HKLM-x32\...\{351B2133-C2A9-40A6-B6E8-B8468BD91D1A}) (Version: 4.8.497.0 - SMART Technologies ULC)
SMART Sync Teacher (HKLM-x32\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1042 - SUPERAntiSpyware.com)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
Tropicana Atlantic City Online Geolocation Plugin (HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\...\Tropicana Atlantic City Online Geolocation Plugin) (Version: 2.1.10.1.14 - Gamesys Ltd)
Tweaking.com - Hardware Identify (HKLM-x32\...\Tweaking.com - Hardware Identify) (Version: 1.3.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.6 - Tweaking.com)
Umbrella Roaming Client (HKLM-x32\...\{6DE93FDE-5CB1-4DE8-A0F5-007B32331659}) (Version: 1.6.53.0 - OpenDNS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1728614643-3146882776-3930629701-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\TLC\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-11-2014 04:08:33 Installed HiJackThis
03-11-2014 12:22:51 Restore Operation
07-11-2014 23:49:20 Installed Umbrella Roaming Client
12-11-2014 13:52:55 Windows Update
14-11-2014 19:59:16 Removed Java 7 Update 71 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2014-08-18 04:22 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1543054A-8FEF-434B-AC88-E365F5575057} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SWEETHOMEAL-TLC SweetHomeAl => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {2BAA7D78-7743-479E-8058-061A86D27BC6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {2EF7EF74-2B61-43BC-8F62-D394D92A4EA0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1728614643-3146882776-3930629701-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {3722A8B2-4CB7-4EDB-909F-4C9B2C980C7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3FF84016-7355-4686-B8E7-29366A52707C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {40370AFF-1B40-439F-8A33-B8D31581AB75} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {8BE81439-DD04-4B19-AD82-1AE307EFBF9C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {9E21C6B7-74E6-49EA-8BC3-4A2DBBC32AEA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {A6D9F86E-F4FC-4978-93C1-2C4AE19D1BC5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {B801E9A6-9FAE-4CBD-AC35-440086B60735} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {ED8B966E-9AF6-4CE0-A146-95B674FDFF9A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-10-24 03:28 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-30 10:58 - 2014-10-30 10:58 - 00452622 _____ () C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\dnscrypt-proxy.exe
2014-10-30 10:58 - 2014-10-30 10:58 - 01134180 _____ () C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\libldns-1.dll
2014-10-30 10:58 - 2014-10-30 10:58 - 00039940 _____ () C:\Program Files (x86)\OpenDNS\Umbrella Roaming Client\libdcplugin_erc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\TLC\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37945327.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82375923.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87699313.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37945327.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82375923.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87699313.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Umbrella_RC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SBAMTray"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "emsisoft anti-malware"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ResponseConnectorService"
HKLM\...\StartupApproved\Run32: => "sbsdk-server"
HKLM\...\StartupApproved\Run32: => "SMART Board Service"
HKLM\...\StartupApproved\Run32: => "SMART Floating Tools"
HKLM\...\StartupApproved\Run32: => "SMARTClassroomCoordinator.exe"
HKLM\...\StartupApproved\Run32: => "SMARTNotification"
HKLM\...\StartupApproved\Run32: => "Response Desktop Menu"
HKLM\...\StartupApproved\Run32: => "SMART Tray Tools"
HKLM\...\StartupApproved\Run32: => "SMART Ink"
HKCU\...\StartupApproved\Run: => "DellSystemDetect"
HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

========================= Accounts: ==========================

Administrator (S-1-5-21-1728614643-3146882776-3930629701-500 - Administrator - Disabled)
BigBadJohn (S-1-5-21-1728614643-3146882776-3930629701-1004 - Limited - Enabled) => C:\Users\BigBadJohn
Guest (S-1-5-21-1728614643-3146882776-3930629701-501 - Limited - Disabled)
TLC (S-1-5-21-1728614643-3146882776-3930629701-1001 - Administrator - Enabled) => C:\Users\TLC

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 11:45:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x8b8
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
Faulting package full name: SDUpdate.exe4
Faulting package-relative application ID: SDUpdate.exe5

Error: (11/14/2014 10:56:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.exe version 6.3.9600.17284 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15fc

Start Time: 01d000873e56ed45

Termination Time: 10658

Application Path: C:\WINDOWS\Explorer.exe

Report Id: 653ded18-6c7b-11e4-bee3-f01faf0ad82d

Faulting package full name:

Faulting package-relative application ID:

Error: (11/14/2014 10:50:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17284 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4f8

Start Time: 01d00085b654843f

Termination Time: 2693

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 7a4be403-6c7a-11e4-bee3-f01faf0ad82d

Faulting package full name:

Faulting package-relative application ID:

Error: (11/14/2014 10:48:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/14/2014 10:48:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/14/2014 10:44:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x4c0
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3
Faulting package full name: SDUpdate.exe4
Faulting package-relative application ID: SDUpdate.exe5

Error: (11/14/2014 10:41:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Removed Java 7 Update 71 (64-bit)). Additional information: 0x80070005.

Error: (11/14/2014 10:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/14/2014 10:15:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/14/2014 10:15:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SWEETHOMEAL)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.


System errors:
=============
Error: (11/15/2014 00:14:32 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:32 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:26 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:26 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:22 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:22 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:13 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:14:13 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/15/2014 00:13:03 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/15/2014 00:12:53 AM) (Source: DCOM) (EventID: 10005) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (11/14/2014 11:45:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f718b801d0008efe99d8d5C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll41c9fcc2-6c82-11e4-bee4-f01faf0ad82d

Error: (11/14/2014 10:56:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.exe6.3.9600.1728415fc01d000873e56ed4510658C:\WINDOWS\Explorer.exe653ded18-6c7b-11e4-bee3-f01faf0ad82d

Error: (11/14/2014 10:50:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.172844f801d00085b654843f2693C:\WINDOWS\Explorer.EXE7a4be403-6c7a-11e4-bee3-f01faf0ad82d

Error: (11/14/2014 10:48:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (11/14/2014 10:48:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142

Error: (11/14/2014 10:44:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SDUpdate.exe2.4.40.9453ad3eeeKERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f714c001d0008669a942efC:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllb655f6a1-6c79-11e4-bee3-f01faf0ad82d

Error: (11/14/2014 10:41:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Removed Java 7 Update 71 (64-bit)0x80070005

Error: (11/14/2014 10:15:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927142

Error: (11/14/2014 10:15:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SWEETHOMEAL)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927142

Error: (11/14/2014 10:15:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SWEETHOMEAL)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel


CodeIntegrity Errors:
===================================
  Date: 2014-11-08 04:51:50.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\Dell.WelcomeGuide.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-29 03:06:42.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-20 19:53:51.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:50:29.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:46:11.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:43:30.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:40:38.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:39:15.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:37:07.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:32:28.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2127U @ 1.90GHz
Percentage of memory in use: 9%
Total physical RAM: 8073.27 MB
Available physical RAM: 7283.73 MB
Total Pagefile: 16265.27 MB
Available Pagefile: 15562.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.51 GB) (Free:58.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F5C090C)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached File: summary.zip (75.86KB)



#6 Oh My!


  • Malware Response Instructor

Posted 15 November 2014 - 03:24 PM

Hi Eric,

Thanks for using Safe Mode. Continue to do so until we can run things successfully in Normal Boot.

Here is what I would like you to do.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Winlogon: [Userinit]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: No Name -> {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} ->  No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\RENE0EC.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\RENE0EB.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\REN68FE.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\REN68FD.tmp
C:\Users\BigBadJohn\AppData\Local\Temp\lpuninstall.exe
C:\Users\TLC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TLC\AppData\Local\Temp\InstHelper.exe
C:\Users\TLC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\TLC\AppData\Local\Temp\sfareca00001.dll
C:\Users\TLC\AppData\Local\Temp\sfextra.dll
C:\Users\TLC\AppData\Local\Temp\SIInvoker.exe
C:\Users\TLC\AppData\Local\Temp\{35EAE36E-107F-4081-BA5A-F19271595D7A}.exe
C:\Users\TLC\AppData\Local\Temp\{AF561446-8B69-41AB-8CD8-665859CFD31B}.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Folder: C:\Users\TLC\AppData\Roaming\16403
Folder: C:\Users\TLC\AppData\Roaming\12206
File: C:\Users\TLC\Desktop\Promise-backend.js
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Junkware log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Glycerine

Posted 16 November 2014 - 03:20 PM

Hi Gary,

Thanks again for your help. I ran everything in SAFE MODE because they would not run in "normal" mode. Just about everything on my computer runs in normal mode, however, all of the security tools that I downloaded will not. Why is that?
Also, I mentioned in my OP that I have about 800 files, that are "hidden." Also, the hidden files are common file names, e.g., "Windows Communication Apps", etc. They are not the common operating system files that one would think are supposed to be hidden. Lastly, a buddy of mine told me to check if I had a lot of strange-looking ".js" files and I do. I searched in the search bar that appears on the right hand-side of the computer that opens if you swipe by the right side of the desktop. It seems that I have over 5000 of them and most are related to the "hidden" files. I don't know if that tells you anything but I thought I'd provide you with as much information as I can, as perhaps some of it might prove useful. As for the computer, it still seems very slow, i.e., typing lag, takes forever to boot up, although the last time may have been somewhat quicker.

Thanks,
 Eric

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by TLC at 2014-11-16 14:11:14 Run:1
Running from C:\Users\TLC\Desktop
Loaded Profile: TLC (Available profiles: TLC & BigBadJohn)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKLM\...\Winlogon: [Userinit]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {FB137D49-8D7C-4C63-A690-F87BF3670197} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: No Name -> {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} ->  No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll No File
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [X]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [X]
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\RENE0EC.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\RENE0EB.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\REN68FE.tmp
2014-10-21 02:09 - 2014-10-21 02:09 - 00000000 _____ () C:\WINDOWS\system32\REN68FD.tmp
C:\Users\BigBadJohn\AppData\Local\Temp\lpuninstall.exe
C:\Users\TLC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TLC\AppData\Local\Temp\InstHelper.exe
C:\Users\TLC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\TLC\AppData\Local\Temp\sfareca00001.dll
C:\Users\TLC\AppData\Local\Temp\sfextra.dll
C:\Users\TLC\AppData\Local\Temp\SIInvoker.exe
C:\Users\TLC\AppData\Local\Temp\{35EAE36E-107F-4081-BA5A-F19271595D7A}.exe
C:\Users\TLC\AppData\Local\Temp\{AF561446-8B69-41AB-8CD8-665859CFD31B}.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Folder: C:\Users\TLC\AppData\Roaming\16403
Folder: C:\Users\TLC\AppData\Roaming\12206
File: C:\Users\TLC\Desktop\Promise-backend.js
*****************

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1728614643-3146882776-3930629701-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB137D49-8D7C-4C63-A690-F87BF3670197}" => Key deleted successfully.
"HKCR\CLSID\{FB137D49-8D7C-4C63-A690-F87BF3670197}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC0E8AD7-13AA-4694-8EDD-0246BC47A35F}" => Key deleted successfully.
"HKCR\CLSID\{BC0E8AD7-13AA-4694-8EDD-0246BC47A35F}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{A924C17A-5E94-4E02-BED5-49720BA6F7FA} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{A924C17A-5E94-4E02-BED5-49720BA6F7FA}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\vipresg" => Key deleted successfully.
"HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6}" => Key not found.
ESProtectionDriver => Service deleted successfully.
SASDIFSV => Service deleted successfully.
SASKUTIL => Service deleted successfully.
C:\WINDOWS\system32\RENE0EC.tmp => Moved successfully.
C:\WINDOWS\system32\RENE0EB.tmp => Moved successfully.
C:\WINDOWS\system32\REN68FE.tmp => Moved successfully.
C:\WINDOWS\system32\REN68FD.tmp => Moved successfully.
C:\Users\BigBadJohn\AppData\Local\Temp\lpuninstall.exe => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\InstHelper.exe => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\sfareca00001.dll => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\sfextra.dll => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\SIInvoker.exe => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\{35EAE36E-107F-4081-BA5A-F19271595D7A}.exe => Moved successfully.
C:\Users\TLC\AppData\Local\Temp\{AF561446-8B69-41AB-8CD8-665859CFD31B}.exe => Moved successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.

========================= Folder: C:\Users\TLC\AppData\Roaming\16403 ========================


====== End of Folder: ======


========================= Folder: C:\Users\TLC\AppData\Roaming\12206 ========================


====== End of Folder: ======


========================= File: C:\Users\TLC\Desktop\Promise-backend.js ========================

MD5: E521AE09E7F0102EB649F08025A3A24B
Creation and modification date: 2014-11-08 14:34 - 2014-11-08 14:34
Size: 0031122
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======


==== End of Fixlog ====

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8.1 Pro with Media Center x64
Ran by TLC on Sun 11/16/2014 at 14:14:46.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\TLC\AppData\Roaming\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/16/2014 at 14:36:55.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 Oh My!

Posted 16 November 2014 - 04:04 PM

Hi Eric,

Thank you for the information. This is a multi-step process, at least!

Please do this next.

===================================================

MBR Dump Using Farbar's Recovery Scan Tool in the Recovery Environment

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
SaveMbr: Drive=0
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (mbrdump.txt) on the flash drive. Please attach it to your reply. If you open the file you will not be able to read it.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached mbrdump.txt file

Gary
 

#9 Glycerine

Posted 16 November 2014 - 09:26 PM

Hi Gary,

Thanks again for your help. I hope that I did this correctly.

 

Eric

Attached File: MBRDUMP.txt (512 bytes)



#10 Oh My!

Posted 16 November 2014 - 10:01 PM

Thanks Eric, you did a good job.

We are going to run Rkill first to try to allow us to run the tools in Normal Mode. If that doesn't work, run the other steps in Safe Mode.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\TLC\Desktop\Promise-backend.js
EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Rkill log
  • Fixlog
  • RogueKiller log

Gary
 

#11 Glycerine

Posted 16 November 2014 - 11:12 PM

Hi Gary,
Rkill was able to run in normal mode. RogueKiller was able to run in normal mode. However, FRST, had to be run in SAFEMODE. Also, another thing, when I run "sigcheck -e -u -s C:\Windows" I have, literally, hundreds and hundreds of unsigned files. Again, I don't know if that is any help to you but I thought I'd provide any information that might be related.
Thanks again for your help.

Eric
 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2014 10:20:47 PM in x64 mode.
Windows Version: Windows 8.1 Pro with Media Center

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * E1G60 [Missing Service]
 * HdAudAddService [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 11/16/2014 10:21:01 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03
Ran by TLC at 2014-11-16 22:52:50 Run:3
Running from C:\Users\TLC\Desktop
Loaded Profile: TLC (Available profiles: TLC & BigBadJohn)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
C:\Users\TLC\Desktop\Promise-backend.js
EmptyTemp:
*****************

C:\Users\TLC\Desktop\Promise-backend.js => Moved successfully.
EmptyTemp: => Removed 710.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : TLC [Administrator]
Mode : Scan -- Date : 11/16/2014  22:34:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1728614643-3146882776-3930629701-1001\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A78DAEE1-F980-41F5-82AD-210C4FD6C6D8} | DhcpNameServer : 216.168.3.53 216.168.3.54 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F1E4A23A-AE5D-4AEA-8A37-3B164516667B} | DhcpNameServer : 10.2.30.144 10.2.30.8 4.2.2.2 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A78DAEE1-F980-41F5-82AD-210C4FD6C6D8} | DhcpNameServer : 216.168.3.53 216.168.3.54 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F1E4A23A-AE5D-4AEA-8A37-3B164516667B} | DhcpNameServer : 10.2.30.144 10.2.30.8 4.2.2.2 [(Private Address) (XX)][(Private Address) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 87a8aea02a02b5824a36e48436682153
[BSP] 5f098a2ac3604136421232d5f9139081 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: UFD 3.0 Silicon-Power32G USB Device +++++
--- User ---
[MBR] 7b1455697ab04b3a0bfb25a783aecb26
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 96 | Size: 30719 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_08182014_170354.log - RKreport_SCN_11022014_215248.log - RKreport_SCN_11022014_223741.log - RKreport_SCN_11022014_224611.log
RKreport_SCN_11022014_225041.log - RKreport_SCN_11022014_225510.log - RKreport_SCN_11022014_233710.log - RKreport_SCN_11032014_132135.log
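
The mbrdump.txt written by SaveMbr: Drive=0 is 512 bytes, the size of one disk sector, which is why it cannot be read in Notepad; the MBR Check section of the RogueKiller log above summarises the same sector. As an added example (not part of the thread, and not code from FRST or RogueKiller), this Python sketch decodes such a dump: boot signature, the four partition entries, and MD5 hashes. The sample sector is constructed to mirror the partition line in the log (type 0x0, offset 1, 2097151 MB); the sector count 0xFFFFFFFF and the 440-byte range hashed as "boot code" are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # assumption: classic layout, code area ends before the disk signature
TABLE_OFFSET = 446           # four 16-byte partition entries start here
ENTRY_FORMAT = "<B3xB3xII"   # status, (CHS start), type, (CHS end), start LBA, sector count
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32-CHS", 0x0C: "FAT32-LBA",
              0x0F: "Extended-LBA", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode one raw 512-byte MBR sector into a dict."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + index * 16
        status, ptype, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[start:start + 16])
        if ptype == 0 and sectors == 0:
            continue                      # unused slot
        partitions.append({
            "index": index,
            "status": status,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # MD5 is used only because the tools in this thread report MD5 values.
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def review(parsed):
    """Return notes on structural oddities that deserve a closer look."""
    notes = []
    if not parsed["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    parts = parsed["partitions"]
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        notes.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            notes.append("entry %d: invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["type"] == 0x00:
            notes.append("entry %d: type 0x00 but non-zero extent" % p["index"])
        if p["type"] == 0xEE:
            notes.append("entry %d: GPT protective entry, real layout is in the GPT" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            notes.append("entries %d and %d overlap" % (prev["index"], cur["index"]))
    return notes


def build_sample_sector():
    """Constructed sample, not the dump attached in the thread."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:4] = b"\x90\x90\x90\x90"     # placeholder bytes, not real boot code
    # Type 0x00, start LBA 1, maximum 32-bit sector count (assumed value).
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = struct.pack(ENTRY_FORMAT, 0x00, 0x00, 1, 0xFFFFFFFF)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # For a real dump, read it in binary mode: open(path, "rb").read()
    info = parse_mbr(build_sample_sector())
    print("signature ok:", info["signature_ok"])
    print("sector md5:  ", info["sector_md5"])
    for part in info["partitions"]:
        print("%(index)d - %(type_name)s (0x%(type)x) offset %(lba_start)d, %(size_mb)d MB" % part)
    for note in review(info):
        print("note:", note)
```

Comparing sector_md5 between a dump taken in the Recovery Environment and one taken from the running system is a quick way to see whether both views of sector 0 agree.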



#12 Oh My!

Posted 16 November 2014 - 11:18 PM

Could you post a few of the file names?
Gary
 

#13 Glycerine

Posted 18 November 2014 - 05:11 AM

Hi Gary,

This is just a sampling of the unsigned files. It is still a very large amount so just peruse it and if you see something fishy then, maybe take a closer look. I don't mean to overwhelm you but I figure better to provide too much info. than too little. The list is only unsigned "Windows" files. Also, my internet connection seems to cut out every five minutes for about thirty seconds, and that process repeats itself all day long.

Thanks again for your help.

Eric




c:\Windows\grep.exe:
    Verified:    Unsigned
c:\Windows\MBR.exe:
    Verified:    Unsigned
c:\Windows\NIRCMD.exe:
    Verified:    Unsigned
c:\Windows\PEV.exe:
    Verified:    Unsigned
c:\Windows\sed.exe:
    Verified:    Unsigned
c:\Windows\SWREG.exe:
    Verified:    Unsigned
c:\Windows\SWSC.exe:
    Verified:    Unsigned
c:\Windows\SWXCACLS.exe:
    Verified:    Unsigned
c:\Windows\zip.exe:
    Verified:    Unsigned
c:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\IACore\1.9.5230.0__31bf3856ad364e35\IACore.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\IALoader\1.9.5230.0__31bf3856ad364e35\IALoader.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL:
    Verified:    Unsigned
c:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Excel.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Outlook.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Word.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Excel.AddInProxy.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll:
    Verified:    Unsigned
c:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Office.Word.AddInProxy.v9.0.dll:
    Verified:    Unsigned
c:\Windows\erdnt\cache64\asyncmac.sys:
    Verified:    Unsigned
    Link date:    9:28 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    MS Remote Access serial network driver
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\browser.dll:
    Verified:    Unsigned
    Link date:    7:05 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Computer Browser Service DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\comctl32.dll:
    Verified:    Unsigned
    Link date:    4:49 PM 7/5/2013
    Publisher:    Microsoft Corporation
    Description:    User Experience Controls Library
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.10 (winblue_rtm.130821-1623)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\comres.dll:
    Verified:    Unsigned
    Link date:    9:33 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    COM+ Resources
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    2001.12.10130.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\cryptsvc.dll:
    Verified:    Unsigned
    Link date:    9:18 PM 7/12/2013
    Publisher:    Microsoft Corporation
    Description:    Cryptographic Services
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16666
    File version:    6.2.9200.16666 (win8_gdr.130712-1604)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\ctfmon.exe:
    Verified:    Unsigned
    Link date:    9:07 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    CTF Loader
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\es.dll:
    Verified:    Unsigned
    Link date:    6:50 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    COM+
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    2001.12.10130.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\hnetcfg.dll:
    Verified:    Unsigned
    Link date:    6:22 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Home Networking Configuration Manager
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\imm32.dll:
    Verified:    Unsigned
    Link date:    7:01 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Multi-User Windows IMM32 API Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\kernel32.dll:
    Verified:    Unsigned
    Link date:    6:15 PM 5/30/2013
    Publisher:    Microsoft Corporation
    Description:    Windows NT BASE API Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16627
    File version:    6.2.9200.16627 (win8_gdr.130530-1548)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\lsass.exe:
    Verified:    Unsigned
    Link date:    11:30 PM 9/19/2012
    Publisher:    Microsoft Corporation
    Description:    Local Security Authority Process
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16420
    File version:    6.2.9200.16420 (win8_gdr.120919-1813)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\mshtml.dll:
    Verified:    Unsigned
    Link date:    9:18 PM 10/24/2013
    Publisher:    Microsoft Corporation
    Description:    Microsoft ® HTML Viewer
    Product:    Windows® Internet Explorer
    Prod version:    10.00.9200.16750
    File version:    10.00.9200.16750 (win8_gdr.131024-1532)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\msimg32.dll:
    Verified:    Unsigned
    Link date:    7:09 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    GDIEXT Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\msvcrt.dll:
    Verified:    Unsigned
    Link date:    9:32 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows NT CRT DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    7.0.9200.16384
    File version:    7.0.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\mswsock.dll:
    Verified:    Unsigned
    Link date:    10:28 PM 10/10/2012
    Publisher:    Microsoft Corporation
    Description:    Microsoft Windows Sockets 2.0 Service Provider
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.3.9600.16384 (winblue_rtm.130821-1623)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\netlogon.dll:
    Verified:    Unsigned
    Link date:    7:02 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Net Logon Services DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.3.9600.16384 (winblue_rtm.130821-1623)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\netman.dll:
    Verified:    Unsigned
    Link date:    6:23 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Network Connections Manager
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\null.sys:
    Verified:    Unsigned
    Link date:    9:30 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    NULL Driver
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\powrprof.dll:
    Verified:    Unsigned
    Link date:    7:06 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Power Profile Helper DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\qmgr.dll:
    Verified:    Unsigned
    Link date:    7:18 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Background Intelligent Transfer Service
    Product:    Microsoft® Windows® Operating System
    Prod version:    7.6.9200.16384
    File version:    7.6.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\regsvc.dll:
    Verified:    Unsigned
    Link date:    7:06 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Remote Registry Service
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\rpcss.dll:
    Verified:    Unsigned
    Link date:    6:53 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Distributed COM Services
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\scecli.dll:
    Verified:    Unsigned
    Link date:    7:00 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Security Configuration Editor Client Engine
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\sfc.dll:
    Verified:    Unsigned
    Link date:    9:32 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows File Protection
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\shsvcs.dll:
    Verified:    Unsigned
    Link date:    6:37 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Shell Services Dll
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\spoolsv.exe:
    Verified:    Unsigned
    Link date:    6:27 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Spooler SubSystem App
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.3.9600.16384 (winblue_rtm.130821-1623)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\ssdpsrv.dll:
    Verified:    Unsigned
    Link date:    6:47 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    SSDP Service DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\svchost.exe:
    Verified:    Unsigned
    Link date:    11:23 PM 9/19/2012
    Publisher:    Microsoft Corporation
    Description:    Host Process for Windows Services
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16420
    File version:    6.2.9200.16420 (win8_gdr.120919-1813)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\tapisrv.dll:
    Verified:    Unsigned
    Link date:    8:13 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Microsoft® Windows™ Telephony Server
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\tdx.sys:
    Verified:    Unsigned
    Link date:    9:24 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    TDI Translation Driver
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\termsrv.dll:
    Verified:    Unsigned
    Link date:    6:43 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Remote Desktop Session Host Server Remote Connections Manager
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\user32.dll:
    Verified:    Unsigned
    Link date:    11:24 PM 9/19/2012
    Publisher:    Microsoft Corporation
    Description:    Multi-User Windows USER API Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16420
    File version:    6.2.9200.16420 (win8_gdr.120919-1813)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\userinit.exe:
    Verified:    Unsigned
    Link date:    7:06 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Userinit Logon Application
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\usp10.dll:
    Verified:    Unsigned
    Link date:    9:31 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Uniscribe Unicode script processor
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\wininet.dll:
    Verified:    Unsigned
    Link date:    8:57 PM 10/24/2013
    Publisher:    Microsoft Corporation
    Description:    Internet Extensions for Win32
    Product:    Windows® Internet Explorer
    Prod version:    10.00.9200.16750
    File version:    10.00.9200.16750 (win8_gdr.131024-1532)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\wininit.exe:
    Verified:    Unsigned
    Link date:    7:03 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Start-Up Application
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache64\winlogon.exe:
    Verified:    Unsigned
    Link date:    10:15 PM 10/10/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Logon Application
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16433
    File version:    6.2.9200.16433 (win8_gdr.121010-1704)
    MachineType:    64-bit
c:\Windows\erdnt\cache86\appmgmts.dll:
    Verified:    Unsigned
    Link date:    8:56 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Software installation Service
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\comctl32.dll:
    Verified:    Unsigned
    Link date:    6:48 PM 7/2/2013
    Publisher:    Microsoft Corporation
    Description:    User Experience Controls Library
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.10 (winblue_rtm.130821-1623)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\ctfmon.exe:
    Verified:    Unsigned
    Link date:    9:12 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    CTF Loader
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\d3d9.dll:
    Verified:    Unsigned
    Link date:    9:18 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Direct3D 9 Runtime
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\ddraw.dll:
    Verified:    Unsigned
    Link date:    6:46 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Microsoft DirectDraw
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\dsound.dll:
    Verified:    Unsigned
    Link date:    8:53 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    DirectSound
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\es.dll:
    Verified:    Unsigned
    Link date:    6:50 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    COM+
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    2001.12.10130.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\ias.dll:
    Verified:    Unsigned
    Link date:    9:06 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Network Policy Server
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\imm32.dll:
    Verified:    Unsigned
    Link date:    9:27 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Multi-User Windows IMM32 API Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\kernel32.dll:
    Verified:    Unsigned
    Link date:    6:08 PM 5/30/2013
    Publisher:    Microsoft Corporation
    Description:    Windows NT BASE API Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16627
    File version:    6.2.9200.16627 (win8_gdr.130530-1548)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\mfc40u.dll:
    Verified:    Unsigned
    Link date:    12:35 AM 8/18/2001
    Publisher:    Microsoft Corporation
    Description:    MFCDLL Shared Library - Retail Version
    Product:    Microsoft ® Visual C++
    Prod version:    4.1.001
    File version:    4.1.6140
    MachineType:    32-bit
c:\Windows\erdnt\cache86\midimap.dll:
    Verified:    Unsigned
    Link date:    9:20 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Microsoft MIDI Mapper
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\mshtml.dll:
    Verified:    Unsigned
    Link date:    9:37 PM 10/24/2013
    Publisher:    Microsoft Corporation
    Description:    Microsoft ® HTML Viewer
    Product:    Windows® Internet Explorer
    Prod version:    10.00.9200.16750
    File version:    10.00.9200.16750 (win8_gdr.131024-1532)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\msimg32.dll:
    Verified:    Unsigned
    Link date:    7:11 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    GDIEXT Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\msvcrt.dll:
    Verified:    Unsigned
    Link date:    9:40 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows NT CRT DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    7.0.9200.16384
    File version:    7.0.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\mswsock.dll:
    Verified:    Unsigned
    Link date:    10:10 PM 10/10/2012
    Publisher:    Microsoft Corporation
    Description:    Microsoft Windows Sockets 2.0 Service Provider
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.3.9600.16384 (winblue_rtm.130821-1623)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\netlogon.dll:
    Verified:    Unsigned
    Link date:    7:03 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Net Logon Services DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.3.9600.16384 (winblue_rtm.130821-1623)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\olepro32.dll:
    Verified:    Unsigned
    Link date:    9:02 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    n/a
    Product:    n/a
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384
    MachineType:    32-bit
c:\Windows\erdnt\cache86\powrprof.dll:
    Verified:    Unsigned
    Link date:    7:07 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Power Profile Helper DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\rasadhlp.dll:
    Verified:    Unsigned
    Link date:    7:08 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Remote Access AutoDial Helper
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\regedit.exe:
    Verified:    Unsigned
    Link date:    8:14 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Registry Editor
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    64-bit
c:\Windows\erdnt\cache86\scecli.dll:
    Verified:    Unsigned
    Link date:    7:01 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Security Configuration Editor Client Engine
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\sfc.dll:
    Verified:    Unsigned
    Link date:    9:40 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows File Protection
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\shsvcs.dll:
    Verified:    Unsigned
    Link date:    6:40 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Shell Services Dll
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\svchost.exe:
    Verified:    Unsigned
    Link date:    11:08 PM 9/19/2012
    Publisher:    Microsoft Corporation
    Description:    Host Process for Windows Services
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16420
    File version:    6.2.9200.16420 (win8_gdr.120919-1813)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\tapisrv.dll:
    Verified:    Unsigned
    Link date:    8:20 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Microsoft® Windows™ Telephony Server
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\upnphost.dll:
    Verified:    Unsigned
    Link date:    6:23 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    UPnP Device Host
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\user32.dll:
    Verified:    Unsigned
    Link date:    11:10 PM 9/19/2012
    Publisher:    Microsoft Corporation
    Description:    Multi-User Windows USER API Client DLL
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16420
    File version:    6.2.9200.16420 (win8_gdr.120919-1813)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\userinit.exe:
    Verified:    Unsigned
    Link date:    7:08 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Userinit Logon Application
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\usp10.dll:
    Verified:    Unsigned
    Link date:    9:40 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Uniscribe Unicode script processor
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\version.dll:
    Verified:    Unsigned
    Link date:    9:26 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Version Checking and File Installation Libraries
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\wininet.dll:
    Verified:    Unsigned
    Link date:    8:19 PM 10/24/2013
    Publisher:    Microsoft Corporation
    Description:    Internet Extensions for Win32
    Product:    Windows® Internet Explorer
    Prod version:    10.00.9200.16750
    File version:    10.00.9200.16750 (win8_gdr.131024-1532)
    MachineType:    32-bit
c:\Windows\erdnt\cache86\WSHTCPIP.DLL:
    Verified:    Unsigned
    Link date:    9:39 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Winsock2 Helper DLL (TL/IPv4)
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.3.9600.16384
    File version:    6.3.9600.16384 (winblue_rtm.130821-1623)
    MachineType:    32-bit
c:\Windows\Installer\MSI552D.tmp:
    Verified:    Unsigned
    Link date:    11:46 AM 4/5/2002
    Publisher:    National Instruments
    Description:    WinNestInst
    Product:    National Instruments UM Satellite
    Prod version:    1, 1, 0, 1
    File version:    1, 1, 0, 1
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015\ul_msvcm80.dll.844EFBA7_1C24_93B2_FF1F_C8B3B9A1E18E:
    Verified:    Unsigned
    Link date:    1:27 AM 9/23/2005
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C Runtime Library
    Product:    Microsoft® Visual Studio® 2005
    Prod version:    8.00.50727.42
    File version:    8.00.50727.42
    MachineType:    64-bit
c:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015\ul_msvcp80.dll.844EFBA7_1C24_93B2_FF1F_C8B3B9A1E18E:
    Verified:    Unsigned
    Link date:    1:28 AM 9/23/2005
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C++ Runtime Library
    Product:    Microsoft® Visual Studio® 2005
    Prod version:    8.00.50727.42
    File version:    8.00.50727.42
    MachineType:    64-bit
c:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015\ul_msvcr80.dll.844EFBA7_1C24_93B2_FF1F_C8B3B9A1E18E:
    Verified:    Unsigned
    Link date:    1:26 AM 9/23/2005
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C Runtime Library
    Product:    Microsoft® Visual Studio® 2005
    Prod version:    8.00.50727.42
    File version:    8.00.50727.42
    MachineType:    64-bit
c:\Windows\Installer\$PatchCache$\Managed\1BF4A48A307DBD84980E866B94D98210\8.0.1\Global_VC_CPPRT60_f0.51D569E3_8A28_11D2_B962_006097C4DE24:
    Verified:    Unsigned
    Link date:    5:19 AM 8/29/2000
    Publisher:    Microsoft Corporation
    Description:    Microsoft ® C++ Runtime Library
    Product:    Microsoft ® Visual C++
    Prod version:    6.00.8972.0
    File version:    6.00.8972.0
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\Accessibility.api_NON_OPT:
    Verified:    Unsigned
    Link date:    10:14 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat Accessibility Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\IA32.api:
    Verified:    Unsigned
    Link date:    10:16 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat Internet Access Plug-in
    Product:    Adobe Acrobat Internet Access
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\PDDom.api_NON_OPT:
    Verified:    Unsigned
    Link date:    10:17 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat PDDom Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\PPKLite.api:
    Verified:    Unsigned
    Link date:    10:17 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat Public-Key Security Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\SendMail.api:
    Verified:    Unsigned
    Link date:    10:18 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat SendMail Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\Spelling.api:
    Verified:    Unsigned
    Link date:    10:18 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat Spelling Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\Updater.api_NON_OPT:
    Verified:    Unsigned
    Link date:    10:18 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat Updater Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\weblink.api:
    Verified:    Unsigned
    Link date:    10:18 PM 9/23/2012
    Publisher:    Adobe Systems Incorporated
    Description:    Adobe Acrobat WebLink Plug-in
    Product:    Adobe Acrobat
    Prod version:    11.0.0.379
    File version:    11.0.0.379
    MachineType:    32-bit
c:\Windows\Installer\{10F0B906-1989-4F20-A93C-4C0F94C8DF9E}\ARPPRODUCTICON.exe:
    Verified:    Unsigned
    Link date:    11:43 PM 5/9/2008
    Publisher:    Acresso Software Inc.
    Description:    InstallShield
    Product:    InstallShield
    Prod version:    15.0
    File version:    15.0.498
    MachineType:    32-bit
c:\Windows\Installer\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}\AlienwareDesktopSh_5FC4E1AD090749B99909931B0A60EBB1.exe:
    Verified:    Unsigned
    Link date:    2:04 PM 6/10/2009
    Publisher:    Acresso Software Inc.
    Description:    InstallShield
    Product:    InstallShield
    Prod version:    16.0
    File version:    16.0.328
    MachineType:    32-bit
c:\Windows\Installer\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}\DellDesktopShortcu_08E7FA719C594D958F6859D6F7B26489.exe:
    Verified:    Unsigned
    Link date:    2:04 PM 6/10/2009
    Publisher:    Acresso Software Inc.
    Description:    InstallShield
    Product:    InstallShield
    Prod version:    16.0
    File version:    16.0.328
    MachineType:    32-bit
c:\Windows\Installer\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}\NewShortcut3_469F936004B64F5D9D3D06C10C329264.exe:
    Verified:    Unsigned
    Link date:    2:04 PM 6/10/2009
    Publisher:    Acresso Software Inc.
    Description:    InstallShield
    Product:    InstallShield
    Prod version:    16.0
    File version:    16.0.328
    MachineType:    32-bit
c:\Windows\Installer\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}\iTunesIco.exe:
    Verified:    Unsigned
    Link date:    7:48 AM 10/15/2014
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Prod version:    n/a
    File version:    n/a
    MachineType:    32-bit
c:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe:
    Verified:    Unsigned
    Link date:    5:16 PM 6/21/2011
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Prod version:    n/a
    File version:    n/a
    MachineType:    32-bit
c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll:
    Verified:    Unsigned
    Link date:    12:44 AM 5/14/2014
    Publisher:    Microsoft Corporation
    Description:    Microsoft® Silverlight Configuration Utility Resources
    Product:    Microsoft® Silverlight
    Prod version:    5.1.30514.0
    File version:    5.1.30514.0
    MachineType:    32-bit
c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDLL_64:
    Verified:    Unsigned
    Link date:    12:46 AM 5/14/2014
    Publisher:    Microsoft Corporation
    Description:    Microsoft® Silverlight Configuration Utility Resources
    Product:    Microsoft® Silverlight
    Prod version:    5.1.30514.0
    File version:    5.1.30514.0
    MachineType:    64-bit
c:\Windows\Microsoft.NET\assembly\GAC_MSIL\loadmxf\v4.0_6.2.0.0__31bf3856ad364e35\loadmxf.exe:
    Verified:    Unsigned
    Link date:    5:58 PM 7/25/2012
    Publisher:    Microsoft Corporation
    Description:    Windows Media Center MXF Loader
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.2.9200.16384
    File version:    6.2.9200.16384 (win8_rtm.120725-1247)
    MachineType:    32-bit
c:\Windows\System32\CNHMCAN.DLL:
    Verified:    Unsigned
    Link date:    6:22 PM 4/6/2012
    Publisher:    CANON INC.
    Description:    Canon Device Dependent Informations for Scanner Library
    Product:    Canon Device Dependent Informations for Scanner Library
    Prod version:    1.04
    File version:    1.04
    MachineType:    64-bit
c:\Windows\System32\pdf995mon64.dll:
    Verified:    Unsigned
    Link date:    1:18 PM 3/5/2014
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Prod version:    n/a
    File version:    n/a
    MachineType:    64-bit
c:\Windows\System32\pdf995mon64ui.dll:
    Verified:    Unsigned
    Link date:    5:29 PM 6/30/2005
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Prod version:    n/a
    File version:    n/a
    MachineType:    32-bit
c:\Windows\System32\pdfmona64.dll:
    Verified:    Unsigned
    Link date:    1:33 PM 1/16/2014
    Publisher:    TODO: <Company name>
    Description:    TODO: <File description>
    Product:    TODO: <Product name>
    Prod version:    1.0.0.1
    File version:    1.0.0.1
    MachineType:    64-bit
c:\Windows\System32\rars.rs:
    Verified:    Unsigned
    Link date:    11:51 PM 5/3/2013
    Publisher:    Microsoft
    Description:    Russian Age Rating System
    Product:    Russian Age Rating System
    Prod version:    1.0.0.1
    File version:    1.0.0.1
    MachineType:    64-bit
c:\Windows\System32\en-US\rars.rs.mui:
    Verified:    Unsigned
    Link date:    7:00 PM 12/31/1969
    Publisher:    Microsoft
    Description:    Russian Age Rating System
    Product:    Russian Age Rating System
    Prod version:    1.0.0.1
    File version:    1.0.0.1
    MachineType:    32-bit
c:\Windows\System32\oem\cmnd.exe:
    Verified:    Unsigned
    Link date:    11:02 AM 4/23/2009
    Publisher:    Dell Inc.
    Description:    Cmd
    Product:    Cmd
    Prod version:    1.0.0.0
    File version:    1.0.0.0
    MachineType:    64-bit
c:\Windows\System32\spool\drivers\x64\pdf995ps5ui64.DLL:
    Verified:    Unsigned
    Link date:    10:54 PM 3/24/2005
    Publisher:    Microsoft Corporation
    Description:    PostScript Driver User Interface
    Product:    Microsoft® Windows® Operating System
    Prod version:    5.2.3790.1830
    File version:    5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
    MachineType:    64-bit
c:\Windows\System32\spool\drivers\x64\Pdf995ui.dll:
    Verified:    Unsigned
    Link date:    11:23 PM 5/29/2004
    Publisher:    Microsoft Corporation
    Description:    PostScript Printer Driver User Interface
    Product:    Microsoft® Windows NT™ Operating System
    Prod version:    4.00
    File version:    4.00
    MachineType:    32-bit
c:\Windows\System32\spool\drivers\x64\pdf995ui5-64.DLL:
    Verified:    Unsigned
    Link date:    12:30 AM 11/8/2012
    Publisher:    Microsoft Corp.
    Description:    PS UI Replacement Sample
    Product:    Microsoft PS UI Replacement Sample
    Prod version:    1.1
    File version:    1, 0, 0, 1
    MachineType:    64-bit
c:\Windows\System32\spool\drivers\x64\Pscript.dll:
    Verified:    Unsigned
    Link date:    2:50 PM 1/22/1999
    Publisher:    Microsoft Corporation
    Description:    PostScript Printer Driver
    Product:    Microsoft® Windows NT™ Operating System
    Prod version:    4.00
    File version:    4.00
    MachineType:    32-bit
c:\Windows\System32\spool\drivers\x64\pscript5-64.dll:
    Verified:    Unsigned
    Link date:    8:09 AM 11/20/2010
    Publisher:    Microsoft Corporation
    Description:    PostScript Printer Driver
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.1.7601.17514
    File version:    6.1.7601.17514 (win7sp1_rtm.101119-1850)
    MachineType:    64-bit
c:\Windows\System32\spool\drivers\x64\3\pdf995ps5ui64.dll:
    Verified:    Unsigned
    Link date:    10:54 PM 3/24/2005
    Publisher:    Microsoft Corporation
    Description:    PostScript Driver User Interface
    Product:    Microsoft® Windows® Operating System
    Prod version:    5.2.3790.1830
    File version:    5.2.3790.1830 (srv03_sp1_rtm.050324-1447)
    MachineType:    64-bit
c:\Windows\System32\spool\drivers\x64\3\pdf995ui5-64.DLL:
    Verified:    Unsigned
    Link date:    12:30 AM 11/8/2012
    Publisher:    Microsoft Corp.
    Description:    PS UI Replacement Sample
    Product:    Microsoft PS UI Replacement Sample
    Prod version:    1.1
    File version:    1, 0, 0, 1
    MachineType:    64-bit
c:\Windows\System32\spool\drivers\x64\3\pscript5-64.dll:
    Verified:    Unsigned
    Link date:    8:09 AM 11/20/2010
    Publisher:    Microsoft Corporation
    Description:    PostScript Printer Driver
    Product:    Microsoft® Windows® Operating System
    Prod version:    6.1.7601.17514
    File version:    6.1.7601.17514 (win7sp1_rtm.101119-1850)
    MachineType:    64-bit
c:\Windows\SysWOW64\IusEventLog.dll:
    Verified:    Unsigned
    Link date:    6:59 AM 4/20/2012
    Publisher:    n/a
    Description:    n/a
    Product:    n/a
    Prod version:    n/a
    File version:    n/a
    MachineType:    64-bit
c:\Windows\SysWOW64\msvcp71.dll:
    Verified:    Unsigned
    Link date:    11:14 PM 3/18/2003
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C++ Runtime Library
    Product:    Microsoft® Visual Studio .NET
    Prod version:    7.10.3077.0
    File version:    7.10.3077.0
    MachineType:    32-bit
c:\Windows\SysWOW64\msvcr71.dll:
    Verified:    Unsigned
    Link date:    7:42 AM 2/21/2003
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C Runtime Library
    Product:    Microsoft® Visual Studio .NET
    Prod version:    7.10.3052.4
    File version:    7.10.3052.4
    MachineType:    32-bit
c:\Windows\SysWOW64\pdvcodec.dll:
    Verified:    Unsigned
    Link date:    1:49 AM 11/19/1999
    Publisher:    Matsushita Electric Industrial Co., Ltd.
    Description:    DV Video for Windows Driver
    Product:    Panasonic DV CODEC
    Prod version:    2, 64, 1119, 1600
    File version:    2, 64, 1119, 1600
    MachineType:    32-bit
c:\Windows\SysWOW64\QuickTime.qts:
    Verified:    Unsigned
    Link date:    4:03 PM 10/2/2014
    Publisher:    Apple Inc.
    Description:    QuickTime Client DLL
    Product:    QuickTime
    Prod version:    QuickTime 7.7.6 (1680.95.31)
    File version:    7.7.6 (1680.95.31)
    MachineType:    32-bit
c:\Windows\SysWOW64\QuickTimeVR.qtx:
    Verified:    Unsigned
    Link date:    4:03 PM 10/2/2014
    Publisher:    Apple Inc.
    Description:    QuickTimeVR DLL
    Product:    QuickTimeVR
    Prod version:    QuickTime 7.7.6 (1680.95.31)
    File version:    7.7.6 (1680.95.31)
    MachineType:    32-bit
c:\Windows\SysWOW64\rars.rs:
    Verified:    Unsigned
    Link date:    11:10 PM 5/3/2013
    Publisher:    Microsoft
    Description:    Russian Age Rating System
    Product:    Russian Age Rating System
    Prod version:    1.0.0.1
    File version:    1.0.0.1
    MachineType:    32-bit
c:\Windows\SysWOW64\tsccvid.dll:
    Verified:    Unsigned
    Link date:    2:46 PM 10/10/2002
    Publisher:    TechSmith Corporation
    Description:    TechSmith Screen Capture Codec
    Product:    TechSmith Screen Capture Codec
    Prod version:    2.0.3
    File version:    2.0.3
    MachineType:    32-bit
c:\Windows\SysWOW64\en-US\rars.rs.mui:
    Verified:    Unsigned
    Link date:    7:00 PM 12/31/1969
    Publisher:    Microsoft
    Description:    Russian Age Rating System
    Product:    Russian Age Rating System
    Prod version:    1.0.0.1
    File version:    1.0.0.1
    MachineType:    32-bit
c:\Windows\twain_32\sdc330Twain.ds:
    Verified:    Unsigned
    Link date:    12:06 PM 2/7/2013
    Publisher:    SMART Technologies
    Description:    SMART TWAIN FOR SDC330
    Product:    SMART TWAIN FOR SDC330
    Prod version:    3.0.17.0
    File version:    3.0.17.0
    MachineType:    32-bit
c:\Windows\twain_32\escndv\encm.dll:
    Verified:    Unsigned
    Link date:    4:05 AM 6/14/2004
    Publisher:    SEIKO EPSON
    Description:    EpsonNet Print2 Communication DLL
    Product:    EpsonNet Print2 Ver0.1a
    Prod version:    Version 0.1a
    File version:    0, 1, 0, 0
    MachineType:    32-bit
c:\Windows\twain_32\escndv\encmutil.dll:
    Verified:    Unsigned
    Link date:    4:05 AM 6/14/2004
    Publisher:    SEIKO EPSON
    Description:    EpsonNet Print2 Utility DLL
    Product:    EpsonNet Print2 Ver0.1a
    Prod version:    Version 0.1a
    File version:    0, 1, 0, 0
    MachineType:    32-bit
c:\Windows\twain_32\escndv\enll.dll:
    Verified:    Unsigned
    Link date:    4:05 AM 6/14/2004
    Publisher:    SEIKO EPSON
    Description:    EpsonNet Print2 Protocol Loader DLL
    Product:    EpsonNet Print2 Ver0.1a
    Prod version:    Version 0.1a
    File version:    0, 1, 0, 0
    MachineType:    32-bit
c:\Windows\twain_32\escndv\enludp.dll:
    Verified:    Unsigned
    Link date:    4:05 AM 6/14/2004
    Publisher:    SEIKO EPSON
    Description:    EpsonNet Print2 UDP Protocol DLL
    Product:    EpsonNet Print2 Ver0.1a
    Prod version:    Version 0.1a
    File version:    0, 1, 0, 0
    MachineType:    32-bit
c:\Windows\twain_32\escndv\esnetbg.dll:
    Verified:    Unsigned
    Link date:    7:41 PM 4/24/2005
    Publisher:    SEIKO EPSON CORP.
    Description:    EPSON Scan
    Product:    EPSON Scan
    Prod version:    1.2
    File version:    1.22
    MachineType:    32-bit
c:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_750b37ff97f4f68b\msvcm90.dll:
    Verified:    Unsigned
    Link date:    11:24 PM 11/6/2007
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C Runtime Library
    Product:    Microsoft® Visual Studio® 2008
    Prod version:    9.00.21022.8
    File version:    9.00.21022.8
    MachineType:    64-bit
c:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_706fccb39ad7e580\mfcm90.dll:
    Verified:    Unsigned
    Link date:    12:20 AM 11/7/2007
    Publisher:    Microsoft Corporation
    Description:    MFC Managed Library - Retail Version
    Product:    Microsoft® Visual Studio® 2008
    Prod version:    9.00.21022.08
    File version:    9.00.21022.08
    MachineType:    64-bit
c:\Windows\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_706fccb39ad7e580\mfcm90u.dll:
    Verified:    Unsigned
    Link date:    12:20 AM 11/7/2007
    Publisher:    Microsoft Corporation
    Description:    MFC Managed Library - Retail Version
    Product:    Microsoft® Visual Studio® 2008
    Prod version:    9.00.21022.08
    File version:    9.00.21022.08
    MachineType:    64-bit
c:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll:
    Verified:    Unsigned
    Link date:    9:40 PM 7/11/2009
    Publisher:    Microsoft Corporation
    Description:    ATL Module for Windows (Unicode)
    Product:    Microsoft® Visual Studio® 2005
    Prod version:    8.00.50727.4053
    File version:    8.00.50727.4053
    MachineType:    32-bit
c:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.dll:
    Verified:    Unsigned
    Link date:    8:37 PM 5/13/2011
    Publisher:    Microsoft Corporation
    Description:    ATL Module for Windows (Unicode)
    Product:    Microsoft® Visual Studio® 2005
    Prod version:    8.00.50727.6195
    File version:    8.00.50727.6195
    MachineType:    32-bit
c:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll:
    Verified:    Unsigned
    Link date:    9:38 PM 7/11/2009
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C Runtime Library
    Product:    Microsoft® Visual Studio® 2005
    Prod version:    8.00.50727.4053
    File version:    8.00.50727.4053
    MachineType:    32-bit
c:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll:
    Verified:    Unsigned
    Link date:    8:30 PM 4/18/2011
    Publisher:    Microsoft Corporation
    Description:    Microsoft® C Runtime Library
    Product:    Microsoft® Visual Studio® 2008
    Prod version:    9.00.30729.6161
    File version:    9.00.30729.6161
    MachineType:    32-bit
c:\Windows\WinSxS\x86_smarttech.activation.vc100.1.0_e7e76aadd9f46776_1.0.11.0_none_910429ce1417394c\activation-vc100-mt-x86.dll:
    Verified:    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
    Link date:    3:00 PM 11/5/2013
    Publisher:    SMART Technologies ULC
    Description:    activation
    Product:    activation
    Prod version:    1.0.44.0
    File version:    1.0.44.0
    MachineType:    32-bit
c:\Windows\WinSxS\x86_smarttech.hwr.vc100.2.0_e7e76aadd9f46776_2.0.1.0_none_3d8fb68343ff874c\hwr-vc100-mt-x86.dll:
    Verified:    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
    Link date:    10:44 AM 10/3/2013
    Publisher:    SMART Technologies ULC
    Description:    n/a
    Product:    n/a
    Prod version:    2.0.63.0
    File version:    2.0.63.0
    MachineType:    32-bit
c:\Windows\WinSxS\x86_smarttech.localization.vc100.2.0_e7e76aadd9f46776_2.0.2.0_none_37a98cf3c42a3cd3\localization-vc100-mt-x86.dll:
    Verified:    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
    Link date:    2:51 PM 10/4/2013
    Publisher:    SMART Technologies ULC
    Description:    n/a
    Product:    n/a
    Prod version:    2.0.130.0
    File version:    2.0.130.0
    MachineType:    32-bit
 



#14 Oh My!

  • Malware Response Instructor

Posted 18 November 2014 - 11:29 AM

Thanks Eric,

Thanks for the information. After looking at a sampling of what you posted I believe those are legitimate files.

Please do this.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS.txt
  • Result.txt
  • Please describe your current symptoms

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Glycerine

  • Topic Starter


Posted 18 November 2014 - 01:22 PM

Hi Gary,

I had to run both tools in SAFE mode. Why won't they work in "normal mode?" On my wireless card, why is my school
domain, "middlesexcc.edu" stuck as the suffix? That might explain why I have to log into my school account twice to gain
entry. Computer is starting up faster, although not as fast as it used to. Also I still have a ton of hidden folders. I will list some
for you. Is it normal to have all these VPN hidden files? I don't use a VPN.  Thanks again for your help.

Eric.

 

Farbar Service Scanner Version: 21-07-2014
Ran by TLC (administrator) on 18-11-2014 at 12:49:10
Running from "C:\Users\TLC\Desktop"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by TLC (administrator) on 18-11-2014 at 12:45:11
Running from "C:\Users\TLC\Desktop"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Ethernet (Connected)
Dell Wireless 1705 802.11b/g/n (2.4GHZ) = Wi-Fi (Media disconnected)
TAP-VyprVPN Adapter V9 = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
set interface interface="Wi-Fi" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : SweetHomeAl
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-VyprVPN Adapter V9
   Physical Address. . . . . . . . . : 00-FF-A7-8D-AE-E1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 5E-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : middlesexcc.edu
   Description . . . . . . . . . . . : Dell Wireless 1705 802.11b/g/n (2.4GHZ)
   Physical Address. . . . . . . . . : 1C-3E-84-AD-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : F0-1F-AF-0A-D8-2D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 68.39.180.20(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 18, 2014 12:11:31 PM
   Lease Expires . . . . . . . . . . : Saturday, November 22, 2014 8:29:26 AM
   Default Gateway . . . . . . . . . : 68.39.176.1
   DHCP Server . . . . . . . . . . . : 69.252.208.68
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
1.0.0.127.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial  = 1
    refresh = 600 (10 mins)
    retry   = 1200 (20 mins)
    expire  = 604800 (7 days)
    default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  127.0.0.1

Name:    google.com.hsd1.nj.comcast.net
Addresses:  67.215.65.130
      67.215.65.130


Pinging google.com [74.125.226.160] with 32 bytes of data:
Reply from 74.125.226.160: bytes=32 time=14ms TTL=56
Reply from 74.125.226.160: bytes=32 time=17ms TTL=56

Ping statistics for 74.125.226.160:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 17ms, Average = 15ms
1.0.0.127.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial  = 1
    refresh = 600 (10 mins)
    retry   = 1200 (20 mins)
    expire  = 604800 (7 days)
    default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  127.0.0.1

Name:    yahoo.com.hsd1.nj.comcast.net
Addresses:  67.215.65.130
      67.215.65.130


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=90ms TTL=50
Reply from 206.190.36.45: bytes=32 time=88ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 88ms, Maximum = 90ms, Average = 89ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 ff a7 8d ae e1 ......TAP-VyprVPN Adapter V9
  9...1e 3e 84 ad fd 6b ......Microsoft Wi-Fi Direct Virtual Adapter
  8...5e 3e 84 ad fd 6b ......Microsoft Hosted Network Virtual Adapter
  4...1c 3e 84 ad fd 6b ......Dell Wireless 1705 802.11b/g/n (2.4GHZ)
  3...f0 1f af 0a d8 2d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.39.176.1     68.39.180.20     20
      68.39.176.0    255.255.248.0         On-link      68.39.180.20    276
     68.39.180.20  255.255.255.255         On-link      68.39.180.20    276
    68.39.183.255  255.255.255.255         On-link      68.39.180.20    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      68.39.180.20    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      68.39.180.20    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2014 04:32:53 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (11/18/2014 02:25:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1514
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (11/18/2014 02:25:34 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e0c

Start Time: 01d002ff04543c87

Termination Time: 31

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 13447180-6ef4-11e4-beeb-f01faf0ad82d

Faulting package full name:

Faulting package-relative application ID:

Error: (11/18/2014 01:16:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: mcupdate.exe, version: 6.3.9600.16384, time stamp: 0x5215cd63
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xe0434352
Fault offset: 0x000000000000606c
Faulting process id: 0x1bc
Faulting application start time: 0xmcupdate.exe0
Faulting application path: mcupdate.exe1
Faulting module path: mcupdate.exe2
Report Id: mcupdate.exe3
Faulting package full name: mcupdate.exe4
Faulting package-relative application ID: mcupdate.exe5

Error: (11/18/2014 01:16:49 AM) (Source: .NET Runtime) (User: )
Description: Application: mcupdate.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: validOperationException.D0F96A43
Stack:
   at Microsoft.MediaCenter.Store.CrashReporting.Watson.WatsonCrashThread(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/17/2014 07:51:59 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1268

Start Time: 01d002c882226540

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 17f0ef85-6ebd-11e4-beeb-f01faf0ad82d

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/17/2014 03:32:31 PM) (Source: Application Hang) (User: )
Description: The program DVDFab.exe version 9.1.7.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9ec

Start Time: 01d002a488d737e3

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\DVDFab 9 US\DVDFab.exe

Report Id: cb44dd3a-6e98-11e4-beeb-f01faf0ad82d

Faulting package full name:

Faulting package-relative application ID:

Error: (11/17/2014 03:24:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: DVDFab.exe, version: 9.1.7.4, time stamp: 0x5462e72b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xf7f3c7ce
Faulting process id: 0x9ec
Faulting application start time: 0xDVDFab.exe0
Faulting application path: DVDFab.exe1
Faulting module path: DVDFab.exe2
Report Id: DVDFab.exe3
Faulting package full name: DVDFab.exe4
Faulting package-relative application ID: DVDFab.exe5

Error: (11/17/2014 02:59:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: DVDFab.exe, version: 9.1.7.4, time stamp: 0x5462e72b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xf7f3c7ce
Faulting process id: 0xcd4
Faulting application start time: 0xDVDFab.exe0
Faulting application path: DVDFab.exe1
Faulting module path: DVDFab.exe2
Report Id: DVDFab.exe3
Faulting package full name: DVDFab.exe4
Faulting package-relative application ID: DVDFab.exe5

Error: (11/17/2014 01:59:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: DVDFab.exe, version: 9.1.7.4, time stamp: 0x5462e72b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xf7f3c7ce
Faulting process id: 0xb90
Faulting application start time: 0xDVDFab.exe0
Faulting application path: DVDFab.exe1
Faulting module path: DVDFab.exe2
Report Id: DVDFab.exe3
Faulting package full name: DVDFab.exe4
Faulting package-relative application ID: DVDFab.exe5


System errors:
=============
Error: (11/18/2014 00:45:14 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:45:14 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:45:12 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:45:12 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:45:12 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:45:12 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:44:44 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/18/2014 00:44:30 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/18/2014 00:44:21 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/18/2014 00:44:21 PM) (Source: DCOM) (User: SWEETHOMEAL)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (11/18/2014 04:32:53 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161

Error: (11/18/2014 02:25:34 AM) (Source: Application Error)(User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425151401d002ff059d4ad6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll15197412-6ef4-11e4-beeb-f01faf0ad82d

Error: (11/18/2014 02:25:34 AM) (Source: Application Hang)(User: )
Description: firefox.exe33.1.0.5423e0c01d002ff04543c8731C:\Program Files (x86)\Mozilla Firefox\firefox.exe13447180-6ef4-11e4-beeb-f01faf0ad82d

Error: (11/18/2014 01:16:50 AM) (Source: Application Error)(User: )
Description: mcupdate.exe6.3.9600.163845215cd63KERNELBASE.dll6.3.9600.1727853eebf2ee0434352000000000000606c1bc01d002f7343d4bd8C:\WINDOWS\ehome\mcupdate.exeC:\WINDOWS\system32\KERNELBASE.dll7ae006cb-6eea-11e4-beeb-f01faf0ad82d

Error: (11/18/2014 01:16:49 AM) (Source: .NET Runtime)(User: )
Description: Application: mcupdate.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: validOperationException.D0F96A43
Stack:
   at Microsoft.MediaCenter.Store.CrashReporting.Watson.WatsonCrashThread(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (11/17/2014 07:51:59 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20605126801d002c8822265404294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe17f0ef85-6ebd-11e4-beeb-f01faf0ad82dmicrosoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/17/2014 03:32:31 PM) (Source: Application Hang)(User: )
Description: DVDFab.exe9.1.7.49ec01d002a488d737e34294967295C:\Program Files (x86)\DVDFab 9 US\DVDFab.execb44dd3a-6e98-11e4-beeb-f01faf0ad82d

Error: (11/17/2014 03:24:49 PM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.7.45462e72bunknown0.0.0.000000000c0000005f7f3c7ce9ec01d002a488d737e3C:\Program Files (x86)\DVDFab 9 US\DVDFab.exeunknownc6d6131a-6e97-11e4-beeb-f01faf0ad82d

Error: (11/17/2014 02:59:58 PM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.7.45462e72bunknown0.0.0.000000000c0000005f7f3c7cecd401d002a11004385dC:\Program Files (x86)\DVDFab 9 US\DVDFab.exeunknown4e3d70e0-6e94-11e4-beeb-f01faf0ad82d

Error: (11/17/2014 01:59:08 PM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.7.45462e72bunknown0.0.0.000000000c0000005f7f3c7ceb9001d00298906e95d6C:\Program Files (x86)\DVDFab 9 US\DVDFab.exeunknownce781eb3-6e8b-11e4-beeb-f01faf0ad82d


CodeIntegrity Errors:
===================================
  Date: 2014-11-08 04:51:50.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\Dell.WelcomeGuide.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.

  Date: 2014-10-29 03:06:42.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-20 19:53:51.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:50:29.022
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:46:11.561
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:43:30.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:40:38.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:39:15.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:37:07.471
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-20 19:32:28.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


**** End of log ****

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 11/18/2014 12:58:22 PM
Windows Version: Windows 8

Please be patient while your hard drives are scanned.

Scanning the C:\ drive

 * C:\$RECYCLE.BIN
 * C:\$RECYCLE.BIN\S-1-5-18
 * C:\$RECYCLE.BIN\S-1-5-21-1728614643-3146882776-3930629701-1001
 * C:\Program Files\Windows Sidebar
 * C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.9.0.29_x64__mcm4njqhnhss8\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Amazon.com.Amazon_2014.612.109.1246_neutral_~_343d40qqvtj1t\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.1_neutral__stfe6vwa9jnbp\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\DellInc.DellShop_1.3.151.10_neutral__htrsf667h5kn2\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2014.729.2245.2160_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2014.830.2330.2719_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Microsoft.WinJS.1.0_1.0.9200.20789_neutral__8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Microsoft.WinJS.2.0_1.0.9600.17018_neutral__8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2013.1011.10.5965_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata
 * C:\Program Files (x86)\Common Files\Windows Live\.cache
 * C:\Program Files (x86)\Windows Sidebar
 * C:\ProgramData\Apple Computer\iTunes\SC Info
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\PlayReady\Cache
 * C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrccache\downloads
 * C:\ProgramData\Microsoft\Windows\DRM
 * C:\ProgramData\Microsoft\Windows\DRM\Cache
 * C:\ProgramData\{0366FA98-7F18-4B6B-8203-6D62D200FE4D}
 * C:\Recovery
 * C:\Recovery\Logs
 * C:\System Volume Information
 * C:\System Volume Information\Chkdsk
 * C:\System Volume Information\SPP
 * C:\System Volume Information\SPP\OnlineMetadataCache
 * C:\System Volume Information\SPP\SppCbsHiveStore
 * C:\System Volume Information\SPP\SppGroupCache
 * C:\System Volume Information\SystemRestore
 * C:\Users\BigBadJohn\AppData\Local\EmieSiteList
 * C:\Users\BigBadJohn\AppData\Local\EmieUserList
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Feeds Cache\851IGPXJ
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Feeds Cache\C5U0XGZ9
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Feeds Cache\K1IMPN52
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Feeds Cache\OGUQUZRO
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\DNTException
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\DNTException\Low
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014082420140825
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\IECompatCache
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\IECompatCache\Low
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\IECompatUACache
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\IEDownloadHistory
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\Notifications\feff8c484d2811e3be81f01faf0ad82d
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\PrivacIE
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\PrivacIE\Low
 * C:\Users\BigBadJohn\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\CheckPoint.VPN_cw5n1h2txyewy\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\CheckPoint.VPN_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\CheckPoint.VPN_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\DellInc.DellGettingStartedwithWindows8_htrsf667h5kn2\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\DellInc.DellGettingStartedwithWindows8_htrsf667h5kn2\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\DellInc.DellGettingStartedwithWindows8_htrsf667h5kn2\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\f5.vpn.client_cw5n1h2txyewy\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\f5.vpn.client_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\f5.vpn.client_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\Local\Packages\McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c\AC\INetCache
 * C:\Users\BigBadJohn\AppData\Local\Packages\McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c\AC\INetCookies
 * C:\Users\BigBadJohn\AppData\Local\Packages\McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c\AC\INetHistory
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4L9P3VE7
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4N69QXY5
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\BSJ8CGPF
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PLD1NJJU
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\BigBadJohn\AppData\LocalLow\Microsoft\Windows\AppCache\V910YZ7N
 * C:\Users\BigBadJohn\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\BigBadJohn\AppData\Roaming\Microsoft\Windows\iecompatuaCache
 * C:\Users\Public\Recorded TV\TempRec\TempSBE
 * C:\Users\TLC\AppData\Local\EmieBrowserModeList
 * C:\Users\TLC\AppData\Local\EmieSiteList
 * C:\Users\TLC\AppData\Local\EmieUserList
 * C:\Users\TLC\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\TLC\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\TLC\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\TLC\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\Local\Microsoft\Internet Explorer\IEFlipAheadCache
 * C:\Users\TLC\AppData\Local\Microsoft\Media Player\Art Cache
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\AppCache\H31G5H7Q
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\AppCache\WCOTBICA
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\Burn\Burn1
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\DNTException
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\DNTException\Low
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014111820141119
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\IECompatCache
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\IECompatCache\Low
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\IECompatUACache
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\IE
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\IE\DW7AQ0VV
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\IE\FHJQ13RU
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\IE\KE8WMIXM
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\IE\KWFX6HIW
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\Low\IE
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCache\Virtualized
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCookies
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\INetCookies\Low
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\Notifications\4b95f62d456911e3be6df01faf0ad82d
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\PrivacIE
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\PrivacIE\Low
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\SettingSync
 * C:\Users\TLC\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\TLC\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\4DF9E0F8.Netflix_mcm4njqhnhss8\LocalState\PlayReady\Cache
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\AppCache
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\AppCache\TWWZ7RV0
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\Internet Explorer\DOMStore\9UHVQMFZ
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\Internet Explorer\DOMStore\CP6Y96SZ
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\Internet Explorer\DOMStore\QT81QMRQ
 * C:\Users\TLC\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\Internet Explorer\DOMStore\T8XOYDG4
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\AppCache
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\AppCache\0JEJOAG1
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\AppCache\0JEJOAG1\1
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\AppCache\L3W2V9G6
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\AppCache\L3W2V9G6\1
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\0UBG0XDM
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\2E0Q4MPX
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\2EZLJYP2
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\4UKU8JD5
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\9FDK4HR3
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\AB7QIC77
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\JK254RTY
 * C:\Users\TLC\AppData\Local\Packages\AMZNMobileLLC.KindleforWindows8_stfe6vwa9jnbp\AC\Microsoft\Internet Explorer\DOMStore\T8BPZJ3M
 * C:\Users\TLC\AppData\Local\Packages\CheckPoint.VPN_cw5n1h2txyewy\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\CheckPoint.VPN_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\CheckPoint.VPN_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellGettingStartedwithWindows8_htrsf667h5kn2\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellGettingStartedwithWindows8_htrsf667h5kn2\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellGettingStartedwithWindows8_htrsf667h5kn2\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\Microsoft\Internet Explorer\DOMStore\7RGCXRPS
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\Microsoft\Internet Explorer\DOMStore\XWSL44KF
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\Microsoft\Internet Explorer\DOMStore\YMFL5M9C
 * C:\Users\TLC\AppData\Local\Packages\DellInc.DellShop_htrsf667h5kn2\AC\Microsoft\Internet Explorer\DOMStore\YMLCU40E
 * C:\Users\TLC\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\eBayInc.eBay_1618n3s9xq8tw\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\f5.vpn.client_cw5n1h2txyewy\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\f5.vpn.client_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\f5.vpn.client_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\McAfeeInc.01.McAfeeSecurityAdvisorforDell_n49tcsmxt2t2c\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\TempState\Content.MSO
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetHistory\BackgroundTransferApi
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetHistory\BackgroundTransferApiGroup
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\0SGBMIXH
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\21HP5NEZ
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\2GW3ESWY
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\EUA7J1SW
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\KSSBXAR1
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\O2SXN3JY
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\Q4VQNHQ0
 * C:\Users\TLC\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\XMA9TINF
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WinJS.1.0_8wekyb3d8bbwe\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WinJS.1.0_8wekyb3d8bbwe\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WinJS.1.0_8wekyb3d8bbwe\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WinJS.2.0_8wekyb3d8bbwe\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WinJS.2.0_8wekyb3d8bbwe\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\Microsoft.WinJS.2.0_8wekyb3d8bbwe\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\SonicWALL.MobileConnect_cw5n1h2txyewy\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\SonicWALL.MobileConnect_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\SonicWALL.MobileConnect_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\AppCache
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\AppCache\A4YTM7GX
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\AppCache\UXDOEG3W
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\DNTException
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\EmieBrowserModeList
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\EmieSiteList
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\EmieUserList
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\IECompatCache
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\iecompatuaCache
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\IEDownloadHistory
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\INetHistory
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\7C27PIPE
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\7VIOB2GR
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\8US813VG
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\DOMStore\GZWTR4AT
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\Microsoft\Internet Explorer\IEFlipAheadCache
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\PrivacIE\Low
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\1779DEY8
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\ALL6G8PT
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\D96WTJDE
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\HAQCDALD
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\IMQTXSTO
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\S172A809
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\TQOL2B81
 * C:\Users\TLC\AppData\Local\Packages\windows_ie_ac_001\AC\UserData\W3130XC6
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\AppCache
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\AppCache\AI4OOEK8
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\AppCache\AI4OOEK8\1
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\AppCache\AI4OOEK8\2
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\AppCache\AI4OOEK8\3
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\INetCache
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\INetCookies
 * C:\Users\TLC\AppData\Local\Packages\WinStore_cw5n1h2txyewy\AC\INetHistory
 * C:\Users\TLC\AppData\LocalLow\EmieBrowserModeList
 * C:\Users\TLC\AppData\LocalLow\EmieSiteList
 * C:\Users\TLC\AppData\LocalLow\EmieUserList
 * C:\Users\TLC\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\TLC\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\TLC\AppData\LocalLow\Microsoft\Windows\AppCache\ECTJ3JL6
 * C:\Users\TLC\AppData\LocalLow\Microsoft\Windows\AppCache\K49LWB7W
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\118GETD9
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\DY391UN4
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\FWGVRJYC
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\81Q19N1W
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\KS7Q6F8Y
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\YS2TVK9I
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\Z0EDDWR4
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\OBD5VOH2
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\P70RNWXX
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\Q3IAFFU8
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\UDGGVJCZ
 * C:\Users\TLC\AppData\Roaming\Microsoft\Internet Explorer\UserData\W06N5ETT
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\PrivacIE
 * C:\Users\TLC\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\TLC\Doctor Web\CureIt Quarantine
 * C:\Windows\BitLockerDiscoveryVolumeContents
 * C:\Windows\Camera\microsoft.system.package.metadata
 * C:\Windows\FileManager\microsoft.system.package.metadata
 * C:\Windows\ImmersiveControlPanel\microsoft.system.package.metadata
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015
 * C:\Windows\Installer\$PatchCache$\Managed\00005109F80000000100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00005109F80000000100000000F01FEC\15.0.4659
 * C:\Windows\Installer\$PatchCache$\Managed\09699DDB14539164D9A2C3DD3B1EF5E9
 * C:\Windows\Installer\$PatchCache$\Managed\09699DDB14539164D9A2C3DD3B1EF5E9\8.0.5
 * C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F
 * C:\Windows\Installer\$PatchCache$\Managed\1926E8D15D0BCE53481466615F760A7F\10.0.40219
 * C:\Windows\Installer\$PatchCache$\Managed\1A4DE204B5F8A783688899A7FB858B2F
 * C:\Windows\Installer\$PatchCache$\Managed\1A4DE204B5F8A783688899A7FB858B2F\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\1BF4A48A307DBD84980E866B94D98210
 * C:\Windows\Installer\$PatchCache$\Managed\1BF4A48A307DBD84980E866B94D98210\8.0.1
 * C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A
 * C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219
 * C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2
 * C:\Windows\Installer\$PatchCache$\Managed\3e43b73803c7c394f8a6b2f0402e19c2\8.0.59193
 * C:\Windows\Installer\$PatchCache$\Managed\5B94CBA5CD0DD8240A28A4FE6F94F040
 * C:\Windows\Installer\$PatchCache$\Managed\5B94CBA5CD0DD8240A28A4FE6F94F040\2.0.721
 * C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010
 * C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\7EE06697B0C926945B666239EF4317D9
 * C:\Windows\Installer\$PatchCache$\Managed\7EE06697B0C926945B666239EF4317D9\11.4.564
 * C:\Windows\Installer\$PatchCache$\Managed\844C97FE649617D41843300487880C45
 * C:\Windows\Installer\$PatchCache$\Managed\844C97FE649617D41843300487880C45\10.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057
 * C:\Windows\Installer\$PatchCache$\Managed\D20352A90C039D93DBF6126ECE614057\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100
 * C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0
 * C:\Windows\Installer\$PatchCache$\Managed\E51618D9051BB88409AC11952E11B33E
 * C:\Windows\Installer\$PatchCache$\Managed\E51618D9051BB88409AC11952E11B33E\10.0.576
 * C:\Windows\Installer\$PatchCache$\Managed\ED0FAC38B3D873C46A13B2F861CE0313
 * C:\Windows\Installer\$PatchCache$\Managed\ED0FAC38B3D873C46A13B2F861CE0313\3.1.0
 * C:\Windows\Installer\$PatchCache$\Managed\FBD59A62668A83848A9CAF12F9BC2DE2
 * C:\Windows\Installer\$PatchCache$\Managed\FBD59A62668A83848A9CAF12F9BC2DE2\11.5.159
 * C:\Windows\Installer\$PatchCache$\UnManaged
 * C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-1728614643-3146882776-3930629701-1001
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies
 * C:\Windows\vpnplugins\checkpoint\microsoft.system.package.metadata
 * C:\Windows\vpnplugins\f5\microsoft.system.package.metadata
 * C:\Windows\vpnplugins\juniper\microsoft.system.package.metadata
 * C:\Windows\vpnplugins\sonicwall\microsoft.system.package.metadata
 * C:\Windows\WinStore\microsoft.system.package.metadata

Finished scanning the C:\ drive. 595 hidden items found.

Program finished at: 11/18/2014 01:01:57 PM
Execution time: 0 hours(s), 3 minute(s), and 34 seconds(s)
 





